Menu / Docs Navigation

Contributing

We welcome code contributions, cryptographic audits, and architectural proposals from the open source community to strengthen the Tunnely network.

Pull Request Process

If you have successfully built the application locally and wish to submit a patch, please follow standard GitHub flow:

  1. Fork the specific repository (tunnely-client or tunnely-relay).
  2. Branch off of main with a descriptive title (e.g., feature/mesh-optimization or bugfix/linux-dns-leak).
  3. Commit your changes using conventional commit styling.
  4. Pull Request against the trunk. Ensure your PR description clearly outlines the problem being solved and the testing methodology you utilized.

Code Reviews

Due to the critical privacy nature of this software, all PRs must pass comprehensive CI unit/integration tests and receive sign-off from at least two core cryptographic maintainers before merging.

Vulnerability Disclosure Policy

If you discover a fundamental flaw in our WireGuard implementation, a method to deanonymize traffic paths, or a vulnerability in our API auth vectors, do not open a public GitHub issue.

Instead, securely disclose the vulnerability to our security team via encrypted email.

Email: security@tunnely.org
PGP Key: 0x8F3A22C99B8E4D5A

We maintain a bug bounty program. Valid disclosures indicating critical infrastructural vulnerabilities are eligible for significant bounties, paid out via cryptocurrency or USD. We provide safe harbor for researchers conducting good-faith network penetration testing on explicit testnet nodes.