Skip to main content

Contributing

Ground rules

Do not commit secrets (API usernames/passwords/tokens).
Keep matching logic changes synchronized with config.py mappings and docs/usage.md.
Avoid committing .db, .xlsx outputs, or log files unless required for controlled sharing.

Suggested workflow

Create a branch for your change
Make changes
Run a quick smoke test:
- python main.py
- Import (Excel + API) into a temporary DB if needed
- Run compare and export
Update docs if behavior changes

Code style

Keep code simple and explicit. Prefer small functions and clear printed output (but never print secrets).

Security Policy

Sensitive data

This project uses credentials/secrets to call external APIs. Treat the following as sensitive:

API usernames/passwords
API secrets
Bearer tokens
Detailed HTTP logs (may contain authorization headers)

Recommendations

Provide secrets via environment variables.
Do not log tokens.
Keep HTTP_DEBUG disabled by default.

Reporting

If you discover a security issue, report it internally via your organization’s approved channel.

Ground rules
Suggested workflow
Code style
Sensitive data
Recommendations
Reporting