Thank you for your interest in contributing to FlowFi
FlowFi is a DeFi payment streaming protocol built on Stellar using Soroban smart contracts. This guide explains how to set up your local development environment and contribute effectively.
Have questions before contributing? We've got you covered!
- Questions about using FlowFi? → Start a discussion in GitHub Discussions - Q&A
- Found a bug? → Open an Issue
- Want to suggest a feature? → Start a Discussion - Ideas
- Need help setting up? → Check Local Development Setup or ask in Discussions
Open an Issue if:
- You found a bug 🐛
- You want to work on a concrete feature or task ✨
- There's a documentation problem 📝
Start a Discussion if:
- You have a question ❓
- You want to propose and discuss a feature 💡
- You're sharing a project or use case 🎪
See our Discussions Guide for more details.
- Getting Help & Asking Questions
- Project Overview
- Local Development Setup
- Branching Strategy
- Commit Guidelines & Hooks
- Pull Request Process
- Security
- Code of Conduct
FlowFi is structured as a monorepo:
flowfi/
├── backend/ # Express.js + TypeScript backend
├── contracts/ # Soroban smart contracts (Rust)
├── frontend/ # Next.js + Tailwind CSS frontend
Technologies used:
- Frontend: Next.js + TypeScript + Tailwind CSS
- Backend: Express.js + TypeScript
- Smart Contracts: Rust + Soroban
- Database: PostgreSQL
- Containerization: Docker & Docker Compose
Fork & Clone the Repository
First, fork the repository on GitHub.
Then clone your fork locally:
git clone https://github.com/YOUR-USERNAME/flowfi.git
cd flowfiMake sure you have the following installed:
- Node.js (LTS recommended)
- npm
- Rust & Cargo
- Docker & Docker Compose
- (Optional) Stellar CLI
The fastest way to run the full stack locally:
docker compose up --buildThis starts:
- PostgreSQL (port 5432)
- Backend API (port 3001)
To run in detached mode:
docker compose up -d --buildTo stop services:
docker compose downTo reset the database:
docker compose down -v- Install Dependencies
cd backend
npm install- Set Up Database
The backend uses PostgreSQL. You can either:
- Use Docker Compose (recommended):
docker compose up postgres -d - Or set up PostgreSQL locally and configure
DATABASE_URLin your.envfile
- Run Database Migrations
npm run prisma:generate
npm run prisma:migrate- Start Development Server
npm run devBackend runs on: http://localhost:3001
Available Backend Scripts:
npm run dev- Start development server with hot reloadnpm run build- Build TypeScript to JavaScriptnpm run start- Start production servernpm run test- Run test suitenpm run prisma:generate- Generate Prisma clientnpm run prisma:migrate- Run database migrationsnpm run prisma:studio- Open Prisma Studio (database GUI)
Backend API Documentation:
- Swagger UI:
http://localhost:3001/api-docs - OpenAPI Spec:
http://localhost:3001/api-docs.json
- Install Dependencies
cd frontend
npm install- Start Development Server
npm run devFrontend runs on: http://localhost:3000
Available Frontend Scripts:
npm run dev- Start Next.js development servernpm run build- Build for productionnpm run start- Start production servernpm run lint- Run ESLint
Environment Variables:
Create a .env.local file in the frontend directory if needed for API endpoints or other configuration.
- Install Rust Toolchain
Make sure you have Rust and Cargo installed. If not:
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh- Install Soroban CLI (if not already installed)
cargo install --locked soroban-cli- Build Contracts
cd contracts
cargo build --target wasm32-unknown-unknown --releaseThe compiled WASM files will be in target/wasm32-unknown-unknown/release/.
Contract Development:
- Contract source:
contracts/stream_contract/src/lib.rs - Tests:
contracts/stream_contract/src/test.rs - Build target:
wasm32-unknown-unknown
From the repository root:
# Verify security setup
npm run verify-security# Start all services
docker compose up --build
# Start in detached mode
docker compose up -d --build
# View logs
docker compose logs -f
# Stop services
docker compose down
# Reset database (removes volumes)
docker compose down -vThis repository uses GitHub Actions for continuous integration. Workflows are located in .github/workflows/.
-
Security Checks (
.github/workflows/security.yml)- Runs on: push to
main/develop, pull requests, and weekly schedule - Performs:
- Dependency vulnerability scanning (
npm audit) - CodeQL analysis for JavaScript/TypeScript
- Dependency vulnerability scanning (
- View workflow: Security Checks
- Runs on: push to
-
CI (
.github/workflows/ci.yml)- Runs on: push to
main/developand pull requests - Performs:
- Frontend: lint and build
- Backend: prisma generation, build, and tests
- Soroban Contracts: build (wasm) and tests
- View workflow: CI
- Runs on: push to
Before pushing, ensure your changes pass all the same checks that run in GitHub Actions.
cd frontend
npm run lint # Runs ESLint
npm run build # Verifies the buildcd backend
npm run prisma:generate # Ensure Prisma client is up to date
npm run build # Verifies TypeScript compilation
npm run test # Runs backend vitest suiteNote: Backend tests require a running PostgreSQL instance and DATABASE_URL environment variable.
cd contracts
cargo build --target wasm32-unknown-unknown --release # Verifies contract build
cargo test # Runs contract tests# From the repository root
npm run verify-security❌ Do NOT commit directly to main
✅ Always create a feature branch
| Type | Format | Example |
|---|---|---|
| Feature | feature/short-description |
feature/add-stream-cancel |
| Bug Fix | fix/short-description |
fix/dashboard-loading-error |
| Refactor | refactor/short-description |
refactor/api-service-layer |
| Docs | docs/short-description |
docs/update-contributing |
| Infra | infra/short-description |
infra/docker-improvement |
git checkout -b feature/your-feature-nameKeep branch names short and descriptive.
This repository uses Husky for commit hooks.
Before committing, ensure:
- Code compiles
- Lint passes
- No broken builds
We follow a conventional style:
type(scope): short description
feat(frontend): add wallet balance card
fix(backed): resolve stream validation bug
refactor(contracts): simplify transfer logic
docs: update setup instructions
- Use present tense ("add", not "added")
- Keep subject under ~72 characters
- Make atomic commits (one logical change per commit)
- Avoid vague messages like "update stuff"
Before opening a PR:
git checkout main
git pull origin main
git checkout your-branch
git rebase mainResolve conflicts locally if any.
git push origin your-branch-nameWhen opening your PR:
- Provide a clear title
- Add a detailed description
- Link related issues (e.g.,
Closes #45) - Add screenshots for UI changes
- Explain why the change is needed
Your PR must:
- Build successfully
- Pass lint checks
- Follow commit conventions
- Be properly described
- Stay focused (avoid large unrelated changes)
Maintainers may:
- Request changes
- Ask clarifying questions
- Suggest improvements
Please respond respectfully and update your branch as requested.
If you discover a security vulnerability, please do NOT open a public issue. Instead, follow our responsible disclosure process outlined in our Security Policy.
Security vulnerabilities should be reported privately to allow us to address them before public disclosure.
This project follows a Code of Conduct to ensure a welcoming and inclusive community.
Please read and follow our Code of Conduct before contributing:
Be respectful. Be collaborative. Be constructive.
- Contributions of all sizes are welcome
- Documentation improvements are valuable
- Ask questions in Issues if unsure
- Keep PRs small and manageable
Thank you for helping improve FlowFi 💙