Django Spicedb Contributor
Overview
Use this skill only when work requires editing files under django_spicedb/.
For app-level integration, use $django-spicedb.
Contributor Objectives
- •Fix root causes, not symptoms.
- •Keep public API stable by default.
- •Minimize blast radius of changes.
- •Use targeted tests before broad suites.
- •Document behavior changes and known caveats.
Default Internal Workflow
- •Reproduce behavior in tests first.
- •Locate owning subsystem.
- •Patch minimal responsible module.
- •Add or update regression tests.
- •Validate with subsystem test matrix.
- •Expand to cross-cutting tests if needed.
- •Summarize compatibility impact.
Subsystem Ownership Map
- •Model registration/config extraction:
django_spicedb/models/base.py,django_spicedb/core.py,django_spicedb/conf.py - •Type graph/schema:
django_spicedb/types/graph.py,django_spicedb/schema.py - •Sync pipeline:
django_spicedb/sync/registry.py,django_spicedb/sync/backfill.py,django_spicedb/sync/reconcile.py - •Runtime APIs:
django_spicedb/runtime/evaluator.py,django_spicedb/runtime/__init__.py,django_spicedb/integrations/orm.py - •Adapter boundary:
django_spicedb/adapters/base.py,django_spicedb/adapters/spicedb.py,django_spicedb/adapters/factory.py - •Tenant/hierarchy:
django_spicedb/tenant.py,django_spicedb/models/hierarchy.py,django_spicedb/views.py,django_spicedb/hierarchy/signals.py
Invariants to Preserve
- •
RebacModelauto-registration behavior. - •
TypeGraphvalidation guarantees for parents/relations/permissions/bindings. - •Adapter protocol semantics in
adapters/base.py. - •Evaluator subject/reference validation and cache semantics.
- •Sync tuple lifecycle across FK/M2M/through operations.
Compatibility Rule
Default behavior:
- •Keep signatures and semantics stable for exported runtime APIs.
- •Keep manager/queryset method contracts stable unless breaking change is requested.
- •Keep adapter protocol backward compatible.
If breaking change is explicitly requested:
- •Identify affected call sites.
- •Provide migration notes.
- •Update tests and docs in same change.
Change-Type Playbooks
Add/modify binding kind behavior
- •Update extraction in
core.py. - •Update validation in
types/graph.py. - •Update sync generation/handlers in
sync/registry.py. - •Add sync + edge-case tests.
Change evaluator/query behavior
- •Update
runtime/evaluator.py. - •Update queryset integrations in
integrations/orm.py. - •Validate context, consistency, and caching behavior.
- •Add runtime/performance/security regression tests.
Change adapter behavior
- •Update
adapters/spicedb.py. - •Keep protocol alignment with
adapters/base.py. - •Validate factory config/errors in
adapters/factory.py. - •Run adapter/factory tests.
Change tenant/hierarchy semantics
- •Confirm tenant isolation behavior first.
- •Confirm staff bypass semantics and policy intent.
- •Verify hierarchy signal strategy and lifecycle.
- •Run hierarchy integration + security suites.
Completion Checklist
- •Behavior reproduced before patch.
- •Regression test added or updated.
- •Subsystem tests green.
- •Cross-cutting tests green where relevant.
- •Compatibility/migration impact documented.
Resources
- •Internal architecture deep dive:
references/architecture-internals.md - •Implementation workflow patterns:
references/implementation-workflows.md - •Subsystem test matrix:
references/subsystem-test-matrix.md - •Compatibility policy:
references/api-compatibility.md - •Release checklist:
references/release-checklist.md - •Prompt templates:
references/contributor-prompt-pack.md