Contributing

Two distinct contribution paths — pick the one that matches where your pack will live.

Shipped packs — packs merged into the femto repo under packs/*/. Operator-curated, community-PR-extended, harness-calibrated, reliability published on the hosted Metrics page. This follows the OWASP CheatSheetSeries precedent — editor-moderated, PR-driven, citation-required. Every claim needs an authoritative source; unsourced assertions fail schema validation and cannot merge.
Org-local packs — packs authored in your own repo under .femto/packs/*/ for compliance-grade or organization-specific rules that femto does not ship. Same schema, same structural enforcement, adopter-owned trust boundary. Not PR’d to femto.

Both kinds of pack use the same file layout and the same @femto/pack-schema validator. The sections below cover shipped-pack contribution first and then the org-local authoring walkthrough.

Pack layout

A pack lives under packs/<pack-id>/ with a kebab-case id matching ^[a-z][a-z0-9-]{0,62}[a-z0-9]$:

packs/multi-tenancy/
├── pack.json
├── kcs/
│   ├── row-level-security.md
│   └── tenant-scoping.md
└── tests/
    ├── rls-missing-force.md
    └── ...

pack.json — pack manifest validated by @femto/pack-schema. Declares id, version, status (alpha / stable), the KCs in scope, which are required_for_gating, the mastery threshold, the probe_config (per-KC turn minimums), and reads (reader-subagent missions).
kcs/<kc-id>.md — one KC per file. Six required sections, per-bullet citations, URL-parseable links.
tests/<test-id>.md — harness test cases with frontmatter (id, kcs_in_scope, kcs_touched, expected correctness) and a body scenario.

KC structure

Every KC markdown file must contain these six sections in this order:

## Concept
## Invariants
## Mechanisms
## Common failures
## Diagnostic heuristics
## Citations

The schema enforces per-bullet citations: every claim bullet in the first five sections includes an inline markdown link, and every link URL parses. Link rot is checked weekly by a CI workflow separate from per-PR validation.

The diagnostic-heuristics section is the hardest to write and the one the probe leans on most. Expect it to accumulate slowly — “what an expert looks for when this is subtly wrong” is tacit knowledge, and the corresponding KCs will often ship with thinner heuristic content than declarative content. That’s expected and named; strengthening it over time is one of the highest-leverage PRs a pack can accept.

Test cases

The harness needs held-out ground truth to produce honest AUC / FPR / TPR. A test case is a markdown file with YAML frontmatter:

---
id: rls-missing-force
kcs_in_scope: [row-level-security]
kcs_touched: [row-level-security]
stratum: standard
expected_correctness: 0.9
---

# Scenario

...

A pack cannot be promoted from alpha to stable without a harness of a minimum size covering declarative, procedural, causal, and diagnostic probes — a canonical per-domain test-case specification, not a cherry-picked subset that aligns with the grader’s strengths. Before promotion, run a fidelity spot-check (real interactive sessions vs. harness measurements) and commit .harness/spot-check.md; the calibrate command warns if it’s missing.

PR checklist

Before opening a PR:

bun run —filter ‘@femto/pack-schema’ test passes against the pack.
Every claim bullet has an inline link to an authoritative source (RFC, vendor doc, OWASP cheat sheet, canonical book, peer-reviewed reference). Secondary sources are OK when primary is unavailable; flag the compromise in the PR description.
Pack id, KC ids, test ids are kebab-case and unique within the pack.
New or changed KCs appear under the pack’s declared kcs.
If the pack is stable, a spot-check is committed at packs/<id>/.harness/spot-check.md.

Running the harness locally

See docs/calibration.md for the full flow — claude setup-token, the three mandatory disclosure conditions (grader_invocation: "harness-delegated", reads_path: "synthetic_or_empty", delegation_failure_rate), and the alpha → stable promotion rules.

Review model

One maintainer reviews and merges. Review priorities:

Citation quality — authoritative, current, URL-parseable.
Invariants and common-failures for accuracy against the cited sources.
Test-case coverage across declarative / procedural / causal / diagnostic.
Diagnostic-heuristics content depth.

Merge latency scales with operator bandwidth. If PR volume outstrips review capacity, femto will adopt an OWASP-style domain-leader model rather than relax moderation.

Authoring an org-local pack

For compliance, internal policy, or proprietary-domain packs that you don’t want to (or can’t) merge upstream: author the pack in your own repo and femto will load it side-by-side with shipped packs.

The file layout is identical to a shipped pack, just rooted at .femto/packs/ instead of packs/:

<your-repo>/.femto/packs/org-hipaa-access/
├── pack.json
├── kcs/
│   ├── minimum-necessary-disclosure.md
│   └── audit-logging.md
└── tests/
    └── phi-in-debug-log.md

Shape requirements

Identical to shipped packs — the schema does not distinguish between them:

pack.json passes bunx femto-validate-pack.
Each KC has the six required sections with per-bullet citations.
At least one test case covering each required_for_gating KC.
Pack id is a unique kebab-case slug. Avoid collisions with shipped pack ids — an org- prefix is a useful convention.

Authoritative sources for compliance KCs

The shipped-pack citation discipline (RFC / vendor doc / OWASP) still applies, but compliance-domain sources are thinner on the ground. Pragmatic substitutes:

HIPAA / PCI / SOC2 — cite the published standard (e.g., HIPAA § 164.312, PCI DSS 4.0 § 10.2, SOC2 Trust Service Criteria CC6.1). PDFs are fine as citations even though they’re not LLM-ready for ingestion.
NIST SP800 controls — cite the control id (e.g., AC-2, AU-12) plus the SP800 document version. The PDF URL on csrc.nist.gov is stable.
Internal policies — cite the commit / URL that documents the rule inside your org. Internal confluence pages and git paths are acceptable citations for org-local packs (they would not be acceptable for a shipped pack).
Vendor docs for compliance-adjacent products (Stripe, Auth0, Clerk) already ship in clean markdown and work the same way for org-local packs as for shipped ones.

Validation locally

bunx femto-validate-pack .femto/packs/org-hipaa-access

Calibration locally (optional)

The harness runs on any valid pack directory. For org-local calibration:

bunx femto-harness run .femto/packs/org-hipaa-access

Writes .harness/report.json inside the org-local pack. Publish internally — these numbers do not appear on the hosted Metrics page. That surface is operator-curated for shipped packs only, per the Gate 1 publish-commitment; org-local reliability is the adopter’s responsibility.

Loading and precedence

On session start, the MCP server walks shipped packs first ($CLAUDE_PLUGIN_ROOT/packs), then org-local packs ($PWD/.femto/packs). First match wins, so shipped packs shadow any org-local pack that reuses their id. Each loaded pack’s source appears in events.jsonl as pack.loaded with source: “shipped” | “org_local” — check the log if you’re unsure which version a session resolved to.

What not to do

Don’t PR an org-local pack upstream unless the content is genuinely reusable across adopters and you’re willing to own its citations under the shipped-pack standard.
Don’t override a shipped pack’s id. The shipped pack will win on collision and your content will silently not load. The events log flags the collision; pick a new id.
Don’t publish org-local reliability numbers to third parties claiming the femto Gate 1 publish-commitment — that commitment is scoped to shipped packs. Your org’s own reliability claims are your own.