Contribution Guidelines

To protect GhostMesh from state-sponsored backdoors or code injection, all commits must be signed using a verifiable GPG or SSH key registered on GitHub:

When submitting patches, please follow our pull request lifecycle:

• File an Issue detailing the bug or feature enhancement scope.
• Branch from the `develop` line and keep pull requests isolated to single files/features.
• Pass all unit and fuzzing checks (`cargo test` and `cargo +nightly fuzz run`).

Every PR touching `crypto/` undergoes a strict triple-reviewer protocol. Code must not contain custom random generation functions (only pre-approved system entropy primitives are allowed) and must exhibit strict constant-time performance to avoid side-channel timing attacks.