docs: add CONTRIBUTING.md

[MegaRedHand]

This PR adds documentation for future contributors, inspired by ethrex's

[github-actions]

🤖 Kimi Code Review

This PR adds a comprehensive CONTRIBUTING.md file. While documentation-only PRs don't typically require security reviews, here are some observations:

Positive aspects

• Clear project philosophy that aligns with the "lean" approach
• Well-structured getting started guide
• Good balance of technical detail and accessibility
• Clear PR naming convention that will help with automated tooling

Minor suggestions

Line 29: The project structure diagram shows leansig wrapper for XMSS aggregation. Consider clarifying what "leansig" refers to - is this an internal crate or external dependency? This could be confusing for new contributors.

Line 107: The "Contributions Related to Spelling and Grammar" section might be overly restrictive. Consider allowing small documentation fixes from first-time contributors if they also include substantive improvements elsewhere in the same PR.

Line 127: The security email security@lambdaclass.com should be verified as actively monitored. Consider adding a PGP key fingerprint for sensitive vulnerability reports.

Line 133-135: The communication channels section lists Telegram, X/Twitter, and GitHub Issues. Consider adding a note about expected response times or when to use each channel.

Overall, this is an excellent contribution guide that effectively communicates the project's minimalist philosophy while providing practical onboarding instructions.

---

Automated review by Kimi (Moonshot AI) · custom prompt

[github-actions]

🤖 Codex Code Review

No blocking findings.

• The PR is documentation-only (CONTRIBUTING.md), with no Rust/consensus code changes, so there is no direct impact on:
  • fork choice (LMD GHOST / 3SF-mini),
  • attestation/state transition logic,
  • XMSS verification/aggregation,
  • SSZ encoding/decoding,
  • memory safety/runtime behavior.

Residual risk:

• Minimal and limited to process/docs clarity. No code correctness, security, or performance regression introduced by this diff.

---

Automated review by OpenAI Codex · custom prompt

[greptile-apps]

Greptile Summary

This PR adds comprehensive documentation for contributors, establishing clear guidelines for participation in the ethlambda project. The document covers project philosophy emphasizing simplicity and code minimalism, detailed setup instructions, PR conventions with semantic commit formatting, code style requirements, and communication channels. All internal references (SECURITY.md, LICENSE, Makefile targets, project structure) have been verified and are accurate.

Confidence Score: 5/5

• This documentation-only PR is completely safe to merge with no risk
• This is a well-structured documentation addition with no code changes. All references to internal files (SECURITY.md, LICENSE, Makefile) and project structure have been verified and are accurate. The document provides clear, comprehensive guidelines that align with the project's philosophy.
• No files require special attention

Important Files Changed

Filename	Overview
CONTRIBUTING.md	Adds comprehensive contributor guidelines covering philosophy, setup, PR conventions, code style, and communication channels. All references verified.

_{Last reviewed commit: 3f27abe}

[github-actions]

🤖 Claude Code Review

Here is my review of PR #168:

---

Review: docs: add CONTRIBUTING.md

This is a documentation-only PR adding a contributor guide. The content is generally well-structured and aligns with the project's philosophy. A couple of factual issues need fixing before merging.

---

Bugs / Inaccuracies

Wrong lean-quickstart URL (critical)

Line 131 links to https://github.com/pq-ethereum/lean-quickstart, but the Makefile clones from https://github.com/blockblaz/lean-quickstart.git. This will send contributors to the wrong repository.

-ethlambda supports spinning up a local multi-client devnet via [lean-quickstart](https://github.com/pq-ethereum/lean-quickstart).
+ethlambda supports spinning up a local multi-client devnet via [lean-quickstart](https://github.com/blockblaz/lean-quickstart).

Ambiguous tree structure in Project Structure section

Lines 22–35: fork_choice/ and state_transition/ use tree characters (├─, └─) but are indented at the same level as blockchain/ rather than as its children. In standard ASCII tree notation this is misleading — a reader cannot tell whether these are children of blockchain/ or siblings of it. Compare with CLAUDE.md which uses 4-space indent for children:

-  blockchain/                   # Fork processing actor
-  ├─ fork_choice/               # LMD GHOST implementation
-  └─ state_transition/          # Process slots, blocks, attestations
-  common/
+  blockchain/                   # Fork processing actor
+  ├─ fork_choice/               # LMD GHOST implementation
+  └─ state_transition/          # Process slots, blocks, attestations
+  common/

The fix is to either add extra indentation to the child entries or use a vertical connector (│) to visually attach them to their parent.

---

Minor Notes

• Rust version (line 42): "Rust (stable toolchain)" is vague. The project targets Rust 1.92.0 (edition 2024) per CLAUDE.md. Listing the minimum required version (or pointing to rust-toolchain.toml if one exists) avoids confusion for contributors on older toolchains.

• blockchain/ description (line 22): "Fork processing actor" understates the crate's scope — it also handles validator duties, state transitions, tick scheduling, and key management. "State machine actor" (as used in CLAUDE.md) is more accurate.

• make fmt omitted from setup (lines 46–51): The setup section only shows make lint and make test. make fmt should be listed first (or at least mentioned), since linting will fail if formatting hasn't been run. This matches the "Before Committing" section later in the document.

• .github/SECURITY.md reference (line 134): Verified — the file exists. Good.

---

Summary

The URL bug for lean-quickstart and the ambiguous tree indentation are the two items that should be fixed before merging. Everything else is polish-level. The philosophical content, PR naming rules, and review process sections are accurate and useful.

---

Automated review by Claude (Anthropic) · custom prompt