Loop Engine follows a BDFL (Benevolent Dictator for Life) model. Better Data, Inc. controls the final roadmap and release decisions. Community contributions are welcome and encouraged.
- Open an issue before building anything significant
- Sign every commit with DCO: `Signed-off-by: Your Name <email>` (required - add `git config commit.verbose true` and use the `-s` flag)
- PRs must pass all CI checks before review
- Breaking changes to core types require an RFC (open an issue with [RFC] prefix)
```
pnpm install
pnpm build
```

Package-scoped development:

```
pnpm --filter @loop-engine/runtime test
pnpm --filter @loop-engine/runtime lint
```

Run these commands from repository root before opening a PR:
```
pnpm build
pnpm validate:publish   # packed @loop-engine/* tarballs must not contain workspace:* (same gate as release)
pnpm lint
pnpm test
pnpm validate-loops
pnpm check-boundary
```

- Local gate — `pnpm build && pnpm validate:publish`. This is the tarball check (not `npm publish`). It fails if any packed public package still has `workspace:` in its manifest.
- Ship changes via PR — packaging fixes (e.g. `package.json`, `.npmrc`, `scripts/check-no-workspace-refs.mjs`, workflow updates) go through CI like any other change.
- CI publish — `.github/workflows/rc-tag-release.yml` publishes from GitHub Actions only. It runs on semver tag push (`v*.*.*`): install → build → `validate:publish` → `pnpm publish -r` with `NODE_AUTH_TOKEN` set from the `NPM_TOKEN` repository secret (the env name must be `NODE_AUTH_TOKEN` for `setup-node`’s `.npmrc`). Provenance is enabled (`id-token: write`) except in dry-run mode. To dry-run auth and packing without uploading, use Actions → RC tag release → Run workflow (default is dry-run). Unchecking dry run triggers a ref guard: real publish is allowed only from `main` or a `refs/tags/` ref — other branches fail fast.
- Post-publish — the tag workflow runs a clean `npm install @loop-engine/sdk@<version>` smoke test. Repeat manually from a scratch directory before announcing if you want extra assurance.
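
The local gate above rejects packed manifests that still carry `workspace:` specifiers. The following is an added example, not the project's `scripts/check-no-workspace-refs.mjs`, that applies that check to already-parsed manifests; the function names, the dependency-field list and the sample manifests are assumptions constructed for illustration.

```javascript
// Added example: flag pnpm `workspace:` specifiers left in packed manifests.
// Field list and function names are assumptions, not the project's script.
const DEP_FIELDS = [
  "dependencies",
  "devDependencies",
  "peerDependencies",
  "optionalDependencies",
];

// One finding per dependency whose range still uses the workspace protocol
// (workspace:*, workspace:^, workspace:~1.2.0, ...).
function findWorkspaceRefs(manifest) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    const deps = manifest[field];
    if (deps === null || typeof deps !== "object") continue;
    for (const [name, range] of Object.entries(deps)) {
      if (typeof range === "string" && range.trim().startsWith("workspace:")) {
        findings.push({ pkg: manifest.name, field, name, range });
      }
    }
  }
  return findings;
}

// Gate over a set of manifests; private packages are skipped because they
// are never published.
function checkManifests(manifests) {
  const findings = manifests
    .filter((m) => m.private !== true)
    .flatMap((m) => findWorkspaceRefs(m));
  return { ok: findings.length === 0, findings };
}

// Constructed sample manifests (not taken from the repository).
const sampleManifests = [
  { name: "@loop-engine/sdk", version: "0.0.0-sample",
    dependencies: { "@loop-engine/runtime": "workspace:*", "example-lib": "^1.0.0" } },
  { name: "@loop-engine/runtime", version: "0.0.0-sample",
    peerDependencies: { "example-peer": "workspace:^" } },
  { name: "internal-tools", private: true,
    devDependencies: { "@loop-engine/runtime": "workspace:*" } },
];

const result = checkManifests(sampleManifests);
for (const f of result.findings) {
  console.log(`${f.pkg}: ${f.field}.${f.name} = ${f.range}`);
}
console.log(result.ok ? "gate: pass" : "gate: fail");
```
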
Local one-off releases can still use `pnpm release` (`validate:publish` + `changeset publish`) from a trusted machine; prefer the tag workflow for production npm publishes.

GitHub Actions publish (EOTP / “requires a one-time password”): CI cannot pass `--otp`. Preferred: Trusted Publishing (OIDC) — configure each `@loop-engine/*` package on npmjs with the same GitHub repo + workflow `rc-tag-release.yml`, and do not set `NODE_AUTH_TOKEN` on the publish step (token auth triggers EOTP). The release workflow uses Node 22+ and npm 11.5.1+ so OIDC works. Legacy: a granular token with Bypass 2FA or (deprecated) classic Automation token only if you are not using Trusted Publishing yet.

- Keep PR scope focused to one feature/fix area
- Include tests for behavior changes
- Update docs when public APIs or package contracts change
- Reference linked issue or RFC in PR description

- ✅ Domain-neutral primitives (`packages/core`)
- ✅ Loop definitions that work in any runtime (`loops/`)
- ✅ Examples showing cross-domain applicability
- ✅ Adapters for persistence and event buses

- ❌ SCM-specific business logic (belongs in domain packs)
- ❌ AI optimization algorithms (proprietary - not accepted)
- ❌ Better Data-specific tenant or billing logic (proprietary)
- ❌ Any import from packages outside this repository

All packages follow semver strictly.
Breaking changes to event schemas require a 6-month deprecation notice.
Use changesets for all version bumps: `pnpm changeset`
Loop Engine is licensed under the Apache License 2.0 (see LICENSE).
By submitting a contribution, you agree that your contribution is provided under the same license.