Software Development Lifecycle Policy

Last updated: March 25, 2026

Owner: Rockxy open-source project

This page explains how Rockxy designs, reviews, tests, ships, and maintains a privacy-first macOS debugging proxy whose source code is publicly auditable.

Executive summary

This document outlines how the Rockxy project approaches software development. As an open-source macOS developer tool, we hold ourselves to high standards of quality, security, and transparency. Every line of code is publicly auditable, and our development process reflects that openness.

Applicability

This policy applies to all development work within the Rockxy project, including the main application, helper tools, build infrastructure, and this website. It covers the full lifecycle from initial concept through ongoing maintenance.

Core principles

  • Quality — We ship software that is reliable, performant, and well-tested. Every release goes through automated and manual QA before reaching users.
  • Security — Security is embedded at every stage. Rockxy handles sensitive network traffic, and we treat that responsibility seriously: no telemetry, no data collection, and regular dependency audits.
  • Transparency — The source code is public. The issue tracker is public. Decisions about architecture, priorities, and trade-offs are documented in the open.
  • Community — Contributions from the community drive Rockxy forward. We maintain clear contribution guidelines, responsive code reviews, and an inclusive development environment.

SDLC stages

1. Ideation and scoping

New features and improvements are proposed through GitHub Issues and community discussions. We evaluate proposals based on user impact, technical feasibility, and alignment with the project roadmap before committing resources.

2. Planning and architecture

Accepted proposals move to a design phase where we define system architecture, identify dependencies, evaluate risk, and establish acceptance criteria. For significant changes, we write architecture decision records (ADRs) in the repository.

3. Development

All code is developed on feature branches and submitted via pull requests. Every PR requires code review before merging. We follow Swift and SwiftUI conventions, use meaningful commit messages, and keep changes focused and reviewable.

4. Quality assurance and testing

We maintain unit tests, integration tests, and manual QA checklists. Security-sensitive code (TLS interception, certificate management, proxy configuration) receives additional scrutiny. We test across supported macOS versions before each release.

5. Deployment and release

Releases follow semantic versioning. Each release includes a changelog entry, a signed build, and distribution through the project's official channels. We use automated build pipelines to ensure reproducible builds.

6. Maintenance and evolution

Post-release, we monitor community feedback, triage bug reports, and ship patches as needed. Dependencies are updated regularly, and we track upstream security advisories for all third-party packages.

Team and community dynamics

  • Core maintainers — Responsible for architectural decisions, release management, and long-term project direction.
  • Contributors — Community members who submit code, documentation, translations, and bug reports. All contributions go through the standard PR review process.
  • Users — Provide feedback, report issues, and validate features. User input directly shapes the roadmap.

Documentation and knowledge sharing

We maintain documentation at multiple levels:

  • Inline code comments for non-obvious implementation details
  • Architecture decision records for significant design choices
  • User-facing documentation and setup guides
  • Contribution guidelines and coding standards in the repository
  • Engineering blog posts covering technical deep dives

Compliance and risk management

We follow industry best practices for secure software development. Regular dependency audits, code signing, and sandboxed builds reduce supply-chain risk. Rockxy collects no user data, which simplifies regulatory compliance.

If you discover a security vulnerability, please report it responsibly by emailing rockxyapp@gmail.com. Do not open a public issue for security-critical bugs.

Continuous improvement

  • Post-release retrospectives to identify process improvements
  • Regular review of tooling, dependencies, and build infrastructure
  • Community feedback integrated into the development process
  • Knowledge sharing through blog posts and open discussions

Related evidence: Rockxy privacy policy, why Rockxy is open source, and how Rockxy handles HTTPS interception.

Changes to this policy

Updates to this policy are versioned in the Rockxy source repository on GitHub. The "Last updated" date at the top reflects the most recent revision. Material changes will be noted in the project changelog.

Contact

If you have questions about this policy or our development process, reach out via email at rockxyapp@gmail.com or open an issue on GitHub.