> ## Documentation Index
> Fetch the complete documentation index at: https://agentidentityprotocol.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Contributing policy

# Contributing to the Agent Identity Protocol (AIP)

Thank you for your interest in contributing to AIP. This project aims to establish a zero-trust identity standard for autonomous AI agents.

## Ways to Contribute

### For Security Researchers

* Threat modeling and attack surface analysis
* Penetration testing of reference implementations
* Review of cryptographic choices and identity flows

### For Platform Engineers

* Kubernetes operators and sidecar implementations
* Cloud provider integrations (AWS, GCP, Azure)
* Service mesh integrations (Istio, Linkerd)

### For AI/ML Engineers

* Agent framework integrations (LangChain, AutoGPT, CrewAI)
* MCP transport implementations
* SDK development (Python, TypeScript, Go)

### For Compliance Teams

* Regulatory mapping (SOC2, GDPR, HIPAA, FedRAMP)
* Audit log schema standardization
* Policy template libraries

## Getting Started

### Prerequisites

* Go 1.21+ (for proxy development)
* Python 3.11+ (for SDK and examples)
* Node.js 20+ (for TypeScript SDK)

### Development Setup

```bash theme={null}
# Clone the repository
git clone https://github.com/ArangoGutierrez/agent-identity-protocol.git
cd agent-identity-protocol

# For Go proxy development
cd proxy && go mod download && go build ./...

# For Python SDK
cd sdk/python && pip install -e ".[dev]"

# For TypeScript SDK
cd sdk/typescript && npm install && npm run build
```

## Contribution Process

### 1. Issues First

Before starting work, please:

* Check existing issues for duplicates
* Open an issue describing what you want to work on
* Wait for maintainer feedback on approach

### 2. Branch Naming

```
feat/short-description    # New features
fix/issue-number          # Bug fixes
docs/what-changed         # Documentation
spec/proposal-name        # Specification changes
```

### 3. Commit Messages

Follow [Conventional Commits](https://www.conventionalcommits.org/):

```
feat: add OIDC token validation to proxy
fix: handle empty manifest gracefully
docs: clarify egress filtering behavior
spec: add delegation token schema
```

### 4. Pull Requests

* Fill out the PR template completely
* Ensure CI passes (lint, test, build)
* Request review from relevant CODEOWNERS
* Squash commits before merge

## Specification Changes

Changes to the AIP specification (`spec/`) require:

1. **RFC Process**: Open an issue with `[RFC]` prefix
2. **Discussion Period**: Minimum 2 weeks for community feedback
3. **Consensus**: Approval from at least 2 maintainers
4. **Backward Compatibility**: Document migration path if breaking

## Code Style

### Go

```bash theme={null}
gofmt -s -w .
go vet ./...
golangci-lint run
```

### Python

```bash theme={null}
ruff check .
ruff format .
mypy .
```

### TypeScript

```bash theme={null}
npm run lint
npm run typecheck
```

## Testing

All code changes require tests:

```bash theme={null}
# Go
go test -race -cover ./...

# Python
pytest --cov=aip

# TypeScript
npm test
```

## Documentation

* Code should be self-documenting with clear names
* Public APIs require doc comments
* Complex logic needs inline comments explaining "why"
* User-facing changes need README/docs updates

## Code of Conduct

We follow the [Contributor Covenant v2.1](https://www.contributor-covenant.org/version/2/1/code_of_conduct/).

**TL;DR**: Be respectful, inclusive, and professional. Focus on the work, not the person.

## License

By contributing to AIP, you agree that your contributions will be licensed under the [Apache License 2.0](LICENSE).

## Questions?

* **GitHub Discussions**: Architecture and design questions
* **GitHub Issues**: Bug reports and feature requests
* **Security Issues**: See [SECURITY.md](SECURITY.md)

***

Thank you for helping make AI agents safer and more accountable.
