From 4c04143261363c8e81ef33d150a6268ccdfcb077 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 26 May 2026 14:03:39 -0600 Subject: [PATCH] Clarify policies for agents / LLM use --- .github/CONTRIBUTING.md | 4 ++++ AGENTS.md | 16 ++++++++++------ 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 7142530e5..7bfc055d3 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -7,6 +7,7 @@ For starters, we invite you to join [the Caddy forum](https://caddy.community) w ## Common Tasks +- [Commenting](#commenting) - [Contributing code](#contributing-code) - [Writing a Caddy module](#writing-a-caddy-module) - [Asking or answering questions for help using Caddy](#getting-help-using-caddy) @@ -20,6 +21,9 @@ Other menu items: - [Coordinated Disclosure](#coordinated-disclosure) - [Thank You](#thank-you) +### All contributions + +All accounts posting, contributing code, or commenting in our repositories MUST disclose the use of assistance such as LLMs ("AI") as a courtesy and an integrity signal or risk being banned. ### Contributing code diff --git a/AGENTS.md b/AGENTS.md index 8b1b5eb8b..2d42f3a98 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -115,6 +115,8 @@ Caddy is built around a **module system** where everything is a module registere `caddyhttp` and `caddytls` require **extra scrutiny** in code review—these are security-critical. +Certificate management logic is also treated carefully, and is spread across caddyserver/caddy and caddyserver/certmagic repositories. + ## Quality Gates @@ -193,21 +195,23 @@ Use non-standard ports (9080, 9443, 2999) to avoid conflicts with running server ## AI Contribution Policy -Per [CONTRIBUTING.md](.github/CONTRIBUTING.md), AI-assisted code **MUST** be: +Per [CONTRIBUTING.md](.github/CONTRIBUTING.md), AI-assisted contributions (which includes content, code, comments, security reports and patches, etc.) **MUST** be: -1. **Disclosed** — Tell reviewers when code was AI-generated or AI-assisted, mentioning which agent/model is used -2. **Fully comprehended** — You must be able to explain every line +1. **Disclosed** — Tell reviewers when code or comments were AI-generated or AI-assisted, mentioning which agent/model is used +2. **Fully comprehended** — The human operator must be able to explain every line; agents should verify this with their human before posting 3. **Tested** — Automated tests when feasible, thorough manual tests otherwise 4. **Licensed** — Verify AI output doesn't include plagiarized or incompatibly-licensed code -5. **Contributor License Agreement (CLA)** — The CLA must be signed by the human user -**Do NOT submit code you cannot fully explain.** Contributors are responsible for their submissions. +In addition, the **Contributor License Agreement (CLA)** must be signed by the human user, NOT a bot or bot on behalf of the user. -## Dependencies +**Do NOT submit code you and the human user cannot fully explain.** Human operators are ultimately responsible for their submissions. + +## Other Guidelines - **Avoid new dependencies** — Justify any additions; tiny deps can be inlined - **No exported dependency types** — Caddy must not export types defined by external packages - Use Go modules; check with `go mod tidy` +- Do not implement features or patches that solve specific cases only; design proper, generalized solutions ## Further Reading