Skip to content

docs: rewrite QUICKSTART and CONTRIBUTING for OSS contributors#11

Merged
keirsalterego merged 1 commit into
mainfrom
docs/contributor-onboarding
May 23, 2026
Merged

docs: rewrite QUICKSTART and CONTRIBUTING for OSS contributors#11
keirsalterego merged 1 commit into
mainfrom
docs/contributor-onboarding

Conversation

@keirsalterego

@keirsalterego keirsalterego commented May 23, 2026

Copy link
Copy Markdown
Contributor

Summary

Replaces the old QUICKSTART (which assumed a hosted Vyrox dashboard that doesn't exist yet) with a real ten-minute OSS path: git clone → built proxy → signed /execute request → inspected audit JSONL.

Replaces the two-line CONTRIBUTING with an actual workflow document.

QUICKSTART scope

  • Only the open components: vyrox-proxy, vyrox-simulator, vyrox-docs
  • No Python, Node, Docker, or Discord required
  • DRY_RUN=true throughout so no real EDR call is possible
  • Working curl + openssl + bash snippets to sign and POST to /execute
  • Inspection of the resulting audit JSONL entry with reference to AUDIT_CHAIN.md
  • Common failure modes (401, 410, missing env)

CONTRIBUTING scope

  • Three repositories that accept outside contributions
  • Branch + commit naming conventions
  • Concrete "we will merge" and "we will not merge" lists
  • Local test commands per repo
  • Code style rules including the no-em-dash discipline
  • Reviewer expectations
  • Three documentation rules (document what is, quote the file, update docs in the same PR)

Depends on / merges after

#8 foundation rewrite. Cross-refs to ARCHITECTURE.md, AUDIT_CHAIN.md, ADAPTERS.md, SECURITY.md resolve once the foundation and the specialty PRs (#9, #10) land.

Test plan

  • Walk a fresh checkout through QUICKSTART top to bottom, time it, confirm under ten minutes
  • Confirm CONTRIBUTING accurately reflects the no-em-dash + Conventional Commits discipline now enforced

@keirsalterego
docs: rewrite QUICKSTART and CONTRIBUTING for OSS contributors
8d69690 
Both docs previously targeted operators integrating a real EDR with a
managed Vyrox dashboard at app.vyrox.dev. That dashboard does not
exist yet and the docs were aspirational.

QUICKSTART now walks an OSS contributor from git clone to a signed
execution request hitting a local proxy in about ten minutes. No
EDR account, no Discord, no Python runtime, no Docker. Just cargo
and bash. Covers:

- Building the proxy with cargo
- Running it with DRY_RUN=true (the default) so no real EDR call
  is possible
- Signing a /execute payload with openssl + curl
- Inspecting the resulting audit JSONL entry
- Running the simulator in --dry-run to see the wire format
- Common failure modes (401, 410, missing env)

CONTRIBUTING is now an actual contributor workflow doc instead of a
two-line "open a PR". Covers:

- The three repositories that accept outside contributions
- Branch and commit naming conventions
- What we will merge and what we will not (with concrete examples
  from past review threads)
- Local test commands per repo
- Code style rules including the no-em-dash discipline that drove
  this rewrite
- Reviewer expectations on both public and private PRs
- The three documentation rules: document what is, quote the file,
  update docs in the same PR

Cross-refs to ARCHITECTURE.md, AUDIT_CHAIN.md, ADAPTERS.md resolve
once those land via PRs #8, #9, #10.
Copilot AI review requested due to automatic review settings May 23, 2026 17:39
@keirsalterego keirsalterego merged commit 9933b48 into main May 23, 2026
1 check failed
@keirsalterego keirsalterego mentioned this pull request May 23, 2026
Merged
3 tasks
@keirsalterego keirsalterego review requested due to automatic review settings May 23, 2026 18:04
keirsalterego added a commit that referenced this pull request May 23, 2026
@keirsalterego
docs: replace ROADMAP with capability-focused public version
23dddf2 
The previous ROADMAP carried ARR targets, pilot counts, quarterly
revenue numbers, and an MSP channel percentage. That material moved
to vyrox-design-partners/docs/gtm/INTERNAL_ROADMAP_WITH_TARGETS.md
in PR #9 of that repo. This commit lands its replacement.

The new ROADMAP is organised by capability, not by quarter or by
revenue tier. Sections:

- Recently shipped: the sixteen blockers from the May 2026 audits
  (eight P0 + eight P0.5), each described as a public contract
  change with the file paths a reader can verify.
- In flight: items that touch a public contract, with the actual
  bottleneck called out (Postgres before tenant 25, retry runner
  not yet wired into worker entrypoint, etc).
- Planned, not started: public OpenAPI spec, customer-side audit
  verifier binary, EU data region, web operator interface trigger
  conditions.
- Adapter coverage: shipped vendors plus on-demand future adapters.
- Compliance and certification: where we are honest about what is
  in flight versus planned versus not started.
- Versioning and release cadence: semver intent for the public repos.
- "Intentionally not on the roadmap": SIEM, managed human SOC,
  web dashboard during alpha, free public ingestion endpoint.

Cross-refs to ARCHITECTURE.md, API_REFERENCE.md, AUDIT_CHAIN.md,
ADAPTERS.md, SECURITY.md resolve after the foundation and specialty
PRs (#8, #9, #10, #11) land.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@keirsalterego