Contributing to TrueShot

Thanks for your interest in TrueShot. Contributions are welcome.

How to Contribute

Bug Reports

Open an issue using the Bug Report template. Include:

  • Device model and Android version
  • Steps to reproduce
  • Expected vs actual behavior
  • Logs if available (ADB logcat filtered to TrueShot)

Feature Requests

Open an issue using the Feature Request template.

Code Contributions

  1. Fork the repository
  2. Create a feature branch from main
  3. Make your changes
  4. Run tests: ./gradlew test
  5. Run lint: ./gradlew lint
  6. Submit a pull request

Areas Where Help is Needed

  • Key attestation validation — validating the Android key attestation chain against Google Root CA
  • C2PA JUMBF embedding — native C2PA manifest embedding alongside the current post-EOI format
  • iOS port — bringing TrueShot to iOS with equivalent CryptoKit integration
  • F-Droid packaging — preparing the build for F-Droid submission
  • Translations — localizing the app UI
  • Screen detection research — improving the sensor-based screen recapture detection with larger datasets

Development Setup

git clone https://github.com/YuriTheCoder/TrueShot.git
cd TrueShot
./gradlew assembleDebug

Requirements:

  • JDK 17+
  • Android SDK 35
  • Android Studio Ladybug or newer
  • Physical Android device (hardware sensors and Keystore not available on emulators)

Architecture

The project uses a multi-module architecture:

  • app/ — Entry point, navigation, Hilt setup
  • core/ — Database, DataStore, models, UI theme
  • domain/ — Repository interfaces, use cases
  • data/ — All implementations (crypto, sensors, camera, storage)
  • feature/ — UI screens (Jetpack Compose)
  • site/ — Web verifier (vanilla JS)

Code Standards

  • Kotlin with explicit types on public APIs
  • Jetpack Compose for all UI
  • Hilt for dependency injection
  • Room for persistence
  • Coroutines for async operations
  • No third-party analytics or tracking SDKs

Cryptography Guidelines

If your contribution touches cryptographic code:

  • Do not introduce custom cryptographic constructions
  • Use standard primitives (ECDSA P-256, SHA-256, Android Keystore)
  • Do not weaken key generation parameters
  • Do not add key export functionality
  • Document any changes to the signing or verification pipeline

License

By contributing, you agree that your contributions will be licensed under the MIT License.