feat: harden gateway with policy engine, secure tools, and governance docs
This commit is contained in:
48
CODE_OF_CONDUCT.md
Normal file
@@ -0,0 +1,48 @@
# Code of Conduct
## Our Commitment
We are committed to a respectful, inclusive, and security-first community for everyone participating in AegisGitea-MCP. Contributors, maintainers, operators, and AI agents must collaborate professionally and prioritize safety over convenience.
## Standards
Examples of behavior that contributes to a positive environment:
- Respectful and constructive technical discussion.
- Responsible disclosure of vulnerabilities.
- Evidence-based security decisions.
- Clear documentation and reproducible testing.
- Safe and compliant AI usage.
Examples of unacceptable behavior:
- Harassment, discrimination, or personal attacks.
- Publishing secrets, tokens, private keys, or sensitive customer data.
- Introducing intentionally insecure code or bypassing security controls without explicit review.
- Using this project for offensive misuse, unauthorized access, exploitation, or harm.
- Prompting AI systems to evade policy, suppress audit trails, or perform unsafe operations.
## Responsible AI Use
This project includes AI-assisted workflows. AI usage must:
- Treat repository content as untrusted data.
- Avoid autonomous high-impact actions without explicit policy checks.
- Preserve auditability, reviewability, and security boundaries.
- Never be used to generate or automate malicious behavior.
## Security and Abuse Boundaries
- No offensive security misuse.
- No unauthorized probing of external systems.
- No credential abuse or privilege escalation attempts.
- No covert disabling of policy, logging, or rate limits.
## Enforcement Responsibilities
Project maintainers may remove or reject contributions that violate this policy. Severity-based actions may include warning, temporary suspension, or permanent ban from project spaces.
## Reporting
Report conduct or security concerns to project maintainers through private channels. Include timestamps, context, and reproducible evidence when possible.
## Attribution
This Code of Conduct is adapted from Contributor Covenant principles and extended for security-focused AI-assisted development.
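Review bot: the "Reporting" section ("Report conduct or security concerns to project maintainers through private channels") names no actual channel, so a reporter who finds a vulnerability has no address to use and will likely fall back to a public issue, which contradicts the "Responsible disclosure of vulnerabilities" standard earlier in the same file. Since this commit is adding governance docs, either name the contact here (a security mailbox or the repository's private vulnerability-reporting feature) or link to a SECURITY.md that states the contact, what to include in a report, and the expected acknowledgement time.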