Thank you for your interest in contributing to the MITRE MCP Server! This document provides guidelines and instructions for contributing to the project.
- Development Setup
- Code Quality Standards
- Testing
- Pre-commit Hooks
- CI/CD Pipeline
- Pull Request Process
- Security
```bash
git clone https://github.com/Montimage/mitre-mcp.git
cd mitre-mcp
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate
# Install package in editable mode with dev dependencies
pip install -e ".[dev]"
# Or install from requirements files
pip install -r requirements.txt
pip install -r requirements-dev.txt
pre-commit install
```
This project maintains high code quality standards through automated checks:
- Black: Code formatter with 100-character line length
  ```bash
  black mitre_mcp/ tests/
  ```
- isort: Import statement organizer
  ```bash
  isort mitre_mcp/ tests/
  ```
- flake8: Style guide enforcement
  ```bash
  flake8 mitre_mcp/ tests/
  ```
- mypy: Static type checking
  ```bash
  mypy mitre_mcp/
  ```
- bandit: Security issue detection
  ```bash
  bandit -r mitre_mcp/ -c pyproject.toml
  ```
- safety: Dependency vulnerability checking
  ```bash
  safety check
  ```
- radon: Cyclomatic complexity and maintainability analysis
  ```bash
  radon cc mitre_mcp/ -a -nb
  radon mi mitre_mcp/ -nb
  ```
```bash
# Run all tests
pytest
# Run with coverage
pytest --cov=mitre_mcp --cov-report=html
# Run specific test file
pytest tests/test_validators.py
# Run with verbose output
pytest -v
```
- Minimum 80% code coverage required
- All tests must pass before merging
- Add tests for new features and bug fixes
- Use pytest fixtures for common test data
tests/
├── conftest.py # Shared fixtures
├── test_validators.py # Input validation tests
├── test_config.py # Configuration tests
├── test_tools.py # MCP tool tests
├── test_download.py # Download/caching tests
└── test_formatting.py # Formatting function tests
Pre-commit hooks automatically run code quality checks before each commit.
```bash
# Install pre-commit
pip install pre-commit
# Install hooks
pre-commit install
# Run on all files
pre-commit run --all-files
# Run specific hook
pre-commit run black --all-files
```
- Code Formatting: Black, isort
- Linting: flake8 with plugins
- Type Checking: mypy
- Security: bandit
- General Checks: trailing whitespace, YAML/JSON validation, etc.
- Python Upgrades: pyupgrade for Python 3.10+ syntax
- Docstrings: pydocstyle (Google style)
Skip the hooks only in exceptional cases:
```bash
git commit --no-verify
```
The project uses three main workflows:
Triggers: Push to main/develop/claude/*, pull requests
Matrix Testing:
- Python versions: 3.10, 3.11, 3.12, 3.13, 3.14
- Operating systems: Ubuntu, macOS, Windows
Steps:
- Set up Python environment
- Install dependencies
- Run pytest with coverage
- Upload coverage to Codecov (Ubuntu + Python 3.12 only)
Local Equivalent:
```bash
pytest --cov=mitre_mcp --cov-report=xml
```
Triggers: Push to main/develop/claude/*, pull requests
Checks:
- Black formatting
- isort import sorting
- flake8 linting
- mypy type checking
- pydocstyle docstring style
- Radon code complexity
Local Equivalent:
```bash
black --check mitre_mcp/ tests/
isort --check-only mitre_mcp/ tests/
flake8 mitre_mcp/ tests/
mypy mitre_mcp/
pydocstyle mitre_mcp/
radon cc mitre_mcp/ -a -nb
```
Triggers:
- Push to main/develop/claude/*
- Pull requests
- Daily at 2 AM UTC
- Manual workflow dispatch
Scans:
- Bandit: Python security linter
- Safety: Dependency vulnerability checker
- CodeQL: GitHub's code analysis
- Dependency Review: PR dependency changes
Local Equivalent:
```bash
bandit -r mitre_mcp/ -c pyproject.toml
safety check
```
Add these to your fork's README:

[](https://codecov.io/gh/Montimage/mitre-mcp)

- Run all quality checks:
  ```bash
  # Run pre-commit hooks
  pre-commit run --all-files
  # Run tests
  pytest --cov=mitre_mcp
  ```
- Ensure tests pass:
  - All existing tests pass
  - New tests added for new features
  - Code coverage ≥ 80%
- Update documentation:
  - Update README.md if needed
  - Add docstrings to new functions/classes
  - Update CHANGELOG.md
- Code follows project style guidelines
- All tests pass locally
- Pre-commit hooks pass
- Added tests for new features
- Documentation updated
- CHANGELOG.md updated
- No security vulnerabilities introduced
- Type hints added for new code
```markdown
## Description
Brief description of changes

## Type of Change
- [ ] Bug fix
- [ ] New feature
- [ ] Breaking change
- [ ] Documentation update

## Testing
Describe testing performed

## Checklist
- [ ] Code follows style guidelines
- [ ] Self-review completed
- [ ] Comments added for complex code
- [ ] Documentation updated
- [ ] Tests added/updated
- [ ] All tests pass
- [ ] No new warnings
```
- Automated checks must pass
- At least one maintainer approval required
- No unresolved conversations
- Branch must be up to date with base
Please report security vulnerabilities to the project maintainers privately. Do not open public issues for security concerns.
- Input Validation: All user inputs validated
- Dependencies: Regularly updated and scanned
- Secrets: Never commit secrets/credentials
- HTTPS: All external requests use HTTPS with verification
- Timeouts: All network requests have timeouts
- Bandit: Scans for common security issues
- Safety: Checks for vulnerable dependencies
- CodeQL: Advanced semantic code analysis
- Dependency Review: Reviews PR dependency changes
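
The input-validation and HTTPS practices listed above, sketched as an added example. This is not the project's own code: `check_technique_id`, `check_download_url` and `ALLOWED_HOSTS` are hypothetical names, and the allowlisted host is an assumption.

```python
import re
from urllib.parse import urlsplit

# ATT&CK IDs: T + 4 digits, optional .NNN sub-technique (e.g. T1059.001).
# [0-9] instead of \d so non-ASCII Unicode digits are not accepted.
_TECHNIQUE_ID = re.compile(r"T[0-9]{4}(?:\.[0-9]{3})?")

# Assumption: the only host the server is allowed to download from.
ALLOWED_HOSTS = frozenset({"raw.githubusercontent.com"})


def check_technique_id(value: object) -> str:
    """Return the upper-cased technique ID, or raise ValueError."""
    if not isinstance(value, str):
        raise ValueError("technique ID must be a string")
    candidate = value.upper()
    # fullmatch() rejects trailing data; "^...$" with match() would still
    # accept "T1059\n" because "$" matches before a final newline.
    if _TECHNIQUE_ID.fullmatch(candidate) is None:
        raise ValueError(f"invalid technique ID: {value!r}")
    return candidate


def check_download_url(url: str) -> str:
    """Return url if it is HTTPS, credential-free and allowlisted."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("only https:// URLs are allowed")
    if parts.username is not None or parts.password is not None:
        raise ValueError("URLs with embedded credentials are rejected")
    if parts.hostname not in ALLOWED_HOSTS:
        raise ValueError(f"host is not allowlisted: {parts.hostname!r}")
    return url


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the project.
    samples = ["t1059.001", "T1059\n", "T1059.1", "../T1059"]
    for sample in samples:
        try:
            print(repr(sample), "->", check_technique_id(sample))
        except ValueError as exc:
            print(repr(sample), "rejected:", exc)
```
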
- Minimum: Python 3.10
- Target: Python 3.10-3.14
- Functions/Variables: `snake_case`
- Classes: `PascalCase`
- Constants: `UPPER_SNAKE_CASE`
- Private: Prefix with `_`
Use Google-style docstrings:
```python
def function_name(param1: str, param2: int) -> bool:
    """Brief description.

    Longer description if needed.

    Args:
        param1: Description of param1.
        param2: Description of param2.

    Returns:
        Description of return value.

    Raises:
        ValueError: When invalid input provided.
    """
    pass
```
Always use type hints:
```python
from typing import Dict, List, Optional, Any


def process_data(
    data: Dict[str, Any],
    limit: Optional[int] = None
) -> List[str]:
    """Process data with type hints."""
    pass
```
Organize imports:
```python
# Standard library
import os
import sys
from datetime import datetime

# Third-party
import httpx
from mcp import FastMCP

# Local
from mitre_mcp.config import Config
from mitre_mcp.validators import validate_technique_id
```
```bash
# Create feature branch
git checkout -b feature/your-feature-name
# Make changes and commit
git add .
git commit -m "Add feature description"
# Run tests and quality checks
pre-commit run --all-files
pytest --cov=mitre_mcp
# Push and create PR
git push origin feature/your-feature-name

# Create bugfix branch
git checkout -b fix/bug-description
# Fix bug and add test
# Commit changes
git commit -m "Fix: bug description"
# Push and create PR
git push origin fix/bug-description
```
If you have questions about contributing, please:
- Check existing documentation
- Search closed issues and PRs
- Open a discussion on GitHub
- Contact maintainers
Thank you for contributing to MITRE MCP Server!