Thank you for your interest in contributing to the MGA Operating System project. This guide outlines the development workflow, code standards, and submission requirements to ensure high-quality, secure, and compliant insurance software development.
- Development Workflow
- Environment Setup
- Code Standards
- Testing Requirements
- Security Requirements
- Submission Process
- Compliance Requirements
- `main`: Production releases only
- `develop`: Integration branch for feature development
- `feature/*`: New feature development
- `bugfix/*`: Bug fixes
- `hotfix/*`: Production hotfixes
- `release/*`: Release preparation
- Use atomic commits with clear messages
- Reference issue/ticket numbers in commits
- Keep commits focused and logical
- Rebase feature branches on develop before PR
- Sign all commits with GPG keys
- Node.js version: 18.x
- Package manager: npm
- Required tools:
  - Docker Desktop
  - AWS CLI
  - kubectl
  - helm

Setup steps:
- Clone repository
- Install dependencies: `npm ci`
- Configure environment variables
- Start development server: `npm run dev`
- Node.js version: 18.x
- Package manager: npm
- Accessibility requirements: WCAG 2.1 Level AA
Setup steps:
- Clone repository
- Install dependencies: `npm ci`
- Configure environment variables
- Start development server: `npm run dev`
- Style guide: Airbnb
- Linting: ESLint
- Formatting: Prettier
- Complexity limits:
  - Cyclomatic complexity: 10
  - Cognitive complexity: 15
  - Maintainability index: 20
- Code: JSDoc comments
- API: OpenAPI/Swagger
- Architecture: Architecture Decision Records (ADRs)
- Domain: Insurance domain documentation
- Framework: Jest
- Coverage threshold: 80%
- Required tests:
  - Unit tests
  - Integration tests
  - API tests
  - Performance tests
  - Security tests
- Integration testing:
  - OneShield integration tests required
  - Third-party service integration tests required
- Framework: Jest + React Testing Library
- Coverage threshold: 80%
- Required tests:
  - Unit tests
  - Component tests
  - Integration tests
  - Accessibility tests
  - Performance tests
- SAST scanning required
- Dependency vulnerability scanning
- Security-focused code review
- Secure coding practices enforcement
- SOC 2 Type II controls
- GDPR/CCPA compliance
- NAIC security standards
- PCI DSS requirements
- Use PR template
- Required sections:
  - Description
  - Type of Change
  - Changes Made
  - Testing
  - Performance Impact
  - Security Considerations
  - Compliance Impact
  - Checklist
- Minimum 2 approvals required
- Code owner review mandatory
- Domain expert review for core services
- Security team review for security changes
- Code coverage: 80% minimum
- Performance thresholds:
  - API response time: < 2s
  - Frontend load time: < 3s
- Resource usage assessment
- Security compliance:
  - Vulnerability scan passing
  - Dependency audit passing
  - Security review for core services
- PII/PHI handling review
- Data protection measures
- Privacy impact assessment
- GDPR/CCPA requirements
- SOC 2 controls
- NAIC standards
- State insurance regulations
- Code documentation
- API documentation
- Architecture documentation
- Compliance documentation
For questions or support:
- Technical issues: Create a GitHub issue
- Security concerns: Contact [email protected]
- Compliance questions: Contact [email protected]
By contributing to MGA Operating System, you agree that your contributions will be licensed under its license terms.