Skip to content

Ecosystem Standards#

Contributing to a project on Ergo?

This page serves as a guide for contributing as a project on Ergo. It outlines the standards for identity, development, and community administration. Adhering to these standards ensures a secure and efficient ecosystem.

V1 Identity#

| Description | NIST § |#

------- | ------------------------------------------------------------ | -------------------------------------------------------- | 1.1 | Ensure all associated account passwords are at least 12 characters long (C6) | 5.1.1.2 | 1.2 | Ensure all accounts such as Telegram admins, GitHub, and any associated Email accounts use appropriate multi-factor authentication | 6.1.1 |

V2 Development#

| Description | CWE |#

------- | ------------------------------------------------------------ | ----------------------------- | 2.1 | Ensure server configuration is hardened according to the recommendations of the application server and frameworks in use | 16 | 2.2 | Ensure all components are up to date, preferably using a dependency checker during build or compile time (C2) | 1026 | 2.3 | Ensure no secrets are within source code, preferably using a secrets scanner in CI environments (C8) | 798 | 2.4 | Ensure analytics for third-party providers are configured | | 2.5 | Ensure code is open-source and publicly audited by the community | |

Recommendations#

| Description |#

------- | ------------------------------------------------------------ | 2.2 | Use Snyk or DependencyCheck | 2.3 | Use Semgrep with Secrets Policy | 2.4 | Ensure analytics are connected on sites like defillama |

V3 Community Administration#

| Description |#

------- | --------------------------------------------------------- | 3.1 | Ensure Telegram groups have anti-spam/scam protection in place | 3.2 | Ensure Discord groups have anti-spam/scam protection in place | 3.3 | Work towards reducing friction between chats | 3.4 | Strive to boost engagement | 3.5 | Make efforts to educate your community |

Recommendations#

| Description |#

------- | ------------------------------------------------------------ | 3.1 | Enable OrgRobot with custom questions which has a few handy free bots like daysandbox_bot, grep_robot and @WikiRobot, which can be used to reiterate a message at a set interval. | 3.2 | The built-in spam protection should be sufficient if properly configured in Server Settings -> Moderation -> Saftey Setup make sure all protections are enabled. Under Automod you can define custom words to filter an example would be .gd, .gg, @everyone, #Support, ✉️, ➡️, ➡, 🎟️, 👇, 👉, 🎁, 💌, 📨, 📩, 📪, 📭, 🆘, adminsupports, bch.gg, Create Ticket, dsc.gg, earn $, https://t.me, Open-Ticket, Raise a ticket, shrtm.nu, Support Ticket, supportservice. Alternatively you can enable Wickbot. | 3.2 | The 'thread' permission is often abused by scammers, luring users into private threads where they imitate support staff, you should disable threads entirely if unused, otherwise disable them on a per-channel or role basis. | 3.3 | Consider bridging your chats with the Ergo Discord | 3.3 | Get your Telegram added to @ErgoChats on Telegram | 3.3 | Create a PR to add yourself to this documentation | 3.3 | Get added on ergcube and sigmaverse | 3.4 | Participate in the weekly developer and marketing updates | 3.4 | Participate in ergoforum.org/c/marketing | 3.5 | Teach good principles like KYA | 3.5 | Warn users of scams being executed on the platform, particularly in response to support requests |