Code of Conduct
May 28, 2026 ยท View on GitHub
Our pledge
We pledge to keep the keyhog community a place where any contributor or user can participate without harassment, regardless of background, identity, or experience level. The project lives on bug reports, false-positive corrections, detector contributions, and adversarial test cases from people across every stack. We need every voice that has signal.
Standards
Behavior that earns trust:
- File the bug. Tell us the exact regex, the exact input, the exact line number. Even if you suspect it's your fault, file it.
- Disagree with the code, not the contributor.
- Surface a missing detector with a public example so we can ship a test.
- Acknowledge when you're wrong. Reviewers and authors both.
Behavior that gets you removed:
- Harassment, slurs, doxxing, or targeted personal attacks in any project forum (issues, PRs, discussions, Discord, social media as keyhog).
- Sharing real secrets in issues or PRs. Always redact before posting. We treat live credentials as malicious payloads against the project's users.
- Dumping spam, AI-generated PR walls, or coordinated swarms without prior discussion.
Scope
This applies in every space the project owns: GitHub repos under
santhsecurity/, official documentation sites, the blog, and any chat
channel labeled as keyhog or Santh. It also applies when you represent the
project externally (talks, demos, recordings).
Enforcement
Report incidents to security@santh.dev. We aim to respond within 72 hours. Reports stay confidential to the maintainer team handling them. We will not retaliate against good-faith reporters.
Consequences scale with severity. A first private warning, a temporary interaction limit, or a permanent ban from project spaces are all on the table. We document each case for our own future reference.
Attribution
This document is informed by the Contributor Covenant v2.1 but written specifically for the keyhog community. The original Covenant is licensed CC BY 4.0.