ZCore is a portable credit scoring layer for Stellar DeFi, built in the open. We welcome contributions that help grow the ecosystem.
ZCore aggregates verified on-chain payment events from partner platforms (Trustless Work, Blend Protocol, Vaquita) into a portable credit score that any lending protocol on Stellar can query. If you're contributing, understanding the Model B architecture first will save you time.
Live DApp: https://dapp-zcore.vercel.app
- Bug reports — Open an issue with reproduction steps and expected vs. actual behavior.
- Platform integrations — Add support for a new event source. See how Trustless Work integration works as a reference.
- Scoring improvements — Propose changes to event weights or anti-Sybil rules with data or reasoning.
- Frontend — The
Front/directory is a Next.js app that's actively being updated. - Documentation — Improve setup guides, API docs, or the integration guide.
- Node.js 20+
- MySQL 8.0+
- Git
git clone https://github.com/Zcorehub/ZCore-dev.git
cd ZCore-dev/Server
npm install
# Copy env and fill in your MySQL credentials
cp .env.example .env
# Edit .env: set DATABASE_URL and ADMIN_SECRET
# Initialize database
npx prisma generate
npx prisma migrate dev --name init
# Run development server
npm run dev
# API: http://localhost:3000/api
# Swagger: http://localhost:3000/api-docscd ZCore-dev/Front
npm install
npm run dev| Branch pattern | Purpose |
|---|---|
main |
Stable, deployable |
feat/<name> |
New feature |
fix/<name> |
Bug fix |
docs/<name> |
Documentation only |
- One concern per PR. A bug fix should not include a refactor.
- Update Swagger docs if you add or modify an endpoint (JSDoc comments in the controller file).
- No secrets in code. Use
.envfor all credentials. The.env.exampleis the single source of truth for required variables. - Keep
txHashuniqueness enforced. Never remove the@uniqueconstraint onCreditEvent.txHash— it is the primary duplicate-payment guard. - Test your changes against a real Stellar testnet wallet. Set
STELLAR_NETWORK=testnetin your.envfor development. - Run tests before opening a PR. From repo root:
npm test(Server unit tests via Vitest). CI runs the same on every PR (#19). - Integration tests (optional locally): With Docker MySQL running, set
DATABASE_URLand runnpm run test:integration --prefix Server. - Score recalculation (admin):
npm run recalc:scores --prefix Server -- --dry-runthen--applywith validADMIN_SECRET. - Lender SDK: See
packages/lender-sdk/README.mdfor partner integrations (#48).
The project maintains 12 open issues — see .github/issue-bodies/README.md for the canonical backlog. Closed issues remain for history; do not reopen without triage.
- Admin dashboard: Open
/adminin the dapp (not linked in nav) withADMIN_SECRET.
GitHub Actions builds Server + Front and runs unit tests on every push to main and on pull requests. See .github/workflows/ci.yml.
- Register the platform via
POST /api/platforms/register(see Swagger). - The platform receives an API key to call
POST /api/events/report. - Map the platform's payment events to one of the supported
eventTypevalues:escrow_completedloan_repaidtanda_round_paidtanda_cycle_completed
- If the platform has a new event type, propose it in an issue first with the suggested
base/perUSDC/maxPerEventweights.
Do not modify the counterparty decay table or the txHash uniqueness constraint without opening an issue first. These are load-bearing security properties.
- TypeScript strict mode is on. No
anycasts unless absolutely necessary and documented. - No comments that explain what the code does — only why when it's non-obvious.
- Zod schemas live in
Server/src/middleware/schemas.ts. Add new ones there.
Open an issue or reach out to the team.