# Code of Conduct

## Our Commitment

We are committed to a respectful, inclusive, and security-first community for everyone participating in AegisGitea-MCP. Contributors, maintainers, operators, and AI agents must collaborate professionally and prioritize safety over convenience.

## Standards

Examples of behavior that contributes to a positive environment:

- Respectful and constructive technical discussion.
- Responsible disclosure of vulnerabilities.
- Evidence-based security decisions.
- Clear documentation and reproducible testing.
- Safe and compliant AI usage.

Examples of unacceptable behavior:

- Harassment, discrimination, or personal attacks.
- Publishing secrets, tokens, private keys, or sensitive customer data.
- Introducing intentionally insecure code or bypassing security controls without explicit review.
- Using this project for offensive misuse, unauthorized access, exploitation, or harm.
- Prompting AI systems to evade policy, suppress audit trails, or perform unsafe operations.

## Responsible AI Use

This project includes AI-assisted workflows. AI usage must:

- Treat repository content as untrusted data.
- Avoid autonomous high-impact actions without explicit policy checks.
- Preserve auditability, reviewability, and security boundaries.
- Never be used to generate or automate malicious behavior.

## Security and Abuse Boundaries

- No offensive security misuse.
- No unauthorized probing of external systems.
- No credential abuse or privilege escalation attempts.
- No covert disabling of policy, logging, or rate limits.

## Enforcement Responsibilities

Project maintainers may remove or reject contributions that violate this policy. Severity-based actions may include warning, temporary suspension, or permanent ban from project spaces.

## Reporting

Report conduct or security concerns to project maintainers through private channels. Include timestamps, context, and reproducible evidence when possible.

## Attribution

This Code of Conduct is adapted from Contributor Covenant principles and extended for security-focused AI-assisted development.