Thank you for your interest in contributing to ClassNotes.
This project uses a serverless Firebase architecture, and contributions should respect the design and security boundaries described below.
- Fork the repository
- Create a new branch
git checkout -b feature/YourFeature - Make your changes
- Commit with a clear message
git commit -m "Add YourFeature" - Push to your fork
git push origin feature/YourFeature - Open a Pull Request
This repository contains client-side code only.
Do NOT:
- Add Firebase Admin SDK
- Add private keys or secrets
- Add backend credentials
- Add Google Apps Script private code
firebaseConfigis public by design- Do NOT move it to
.envfiles - Do NOT attempt to “hide” Firebase config
- Do NOT add secrets to frontend code
Security is enforced via Firestore Security Rules, not client-side obfuscation.
Firestore Security Rules are critical.
- Do NOT weaken access rules
- Do NOT allow unauthenticated writes
- Do NOT bypass verification checks
- Any rule-related suggestion must be clearly justified
If proposing rule changes, explain:
- What problem it solves
- Why it does not reduce security
- Anonymous authentication is intentional
- Upload access is restricted to verified users
- UI checks are not security boundaries
Do NOT:
- Remove verification checks
- Convert upload logic to client-only validation
- Assume frontend logic equals authorization
- GAS endpoints are treated as backend APIs
- Client calls must remain validated server-side
- Do NOT hardcode new endpoints without documentation
- Keep code readable and commented
- Follow existing project structure
- Avoid unnecessary dependencies
- Do not introduce frameworks unless discussed
- UI improvements
- Accessibility enhancements
- Performance optimizations
- Bug fixes
- Documentation improvements
- Code cleanup and refactoring
- Better error handling and UX polish
- Changes that weaken security
- Breaking architectural boundaries
- Adding unnecessary complexity
- Upload or auth logic modifications without justification
Be respectful and constructive.
This project is built for students and education.
Healthy discussion is welcome. Disruptive behavior is not.
Thank you for helping improve ClassNotes.