Contributing to GixyNG

This document explains how to contribute meaningful changes to GixyNG that are helpful, reviewable, and maintainable.

The official homepage of GixyNG is https://gixy.io/. Any changes to documentation in GixyNG will automatically be reflected on that website.

The source code can be found at https://github.com/MegaManSec/GixyNG.

General Expectations

When contributing to this repository:

• Be intentional. Every file and every line in a PR should exist for a clear reason.
• Take responsibility for your changes. If it's in your PR, you own it.

Low-quality contributions in the past have included broken code, random files, filler documentation, and changes the contributor did not fully understand. These guidelines exist to avoid repeating those mistakes. Tread carefully.

GitHub is the main location for contributing.

• Pull requests may be submitted in MegaManSec/GixyNG/pulls.
• Bug reports, suggestions, and other contributions are best handled in MegaManSec/GixyNG/issues.

Pull Request Guidelines

All pull requests should:

• Clearly explain what the change actually does.
• Be minimal and scoped to the problem being solved.
• Contain only files and changes relevant to the PR.

Pull requests must not include:

• Temporary files, scratch files, or tool-generated artifacts.
• Unrelated formatting changes or refactors.
• Emojis, conversational fluff, or filler content in documentation or comments (be it autogenerated or otherwise). In other words, AI slop.

Code Quality Standards

All contributions are expected to meet the same quality bar:

• Changes should be easy to review and reason about.
• Contributors must be able to explain how their code works and why it is correct.

Submitting obviously broken or careless changes will be treated as careless work, regardless of intent.

AI / LLM Tooling Usage Policy

AI tools may be used when contributing to this repository, but they do not change contributor responsibility. If your code AI tool creates low quality code that you attempt to contribute, it means you produce low quality code.

When using AI or other automation:

• You must fully understand, review, and test all generated or assisted output.
• You are responsible for correctness, quality, and maintainability.
• Do not submit copy-pasted output you do not understand.

If AI or automation was used in a material way (i.e. codebase change), you must note it briefly in the pull request description, for example:

• AI usage: yes

You may also wish to include some additional (optional) information such as:

• A short note about what was assisted (e.g. "initial implementation of X", "tests for Y".)
• Which tool was used (e.g. "Copilot", "Claude", "ChatGPT", etc.)

AI-assisted contributions must meet the same standards as hand-written code:

• No broken code.
• No random files or artifacts.
• No filler documentation or generic AI text.

Once again, it is noted that using AI assistance is allowed. But if you submit broken code, low quality commits, or content which screams "this person has no idea what they're doing", your contributions are likely to be completely rejected, and you are likely to be flamed.

This policy was created in response to the extremely low quality changes that were generated and accepted in another Gixy fork. Along with other decisions that reduced the overall effectiveness of the tool and its ability to detect vulnerabilities and misconfigurations in nginx configuration (and overall quality of the codebase), those changes were made without a clear understanding of what the AI-generated code was actually doing, or the actions it was taking. This was the catalyst for creating GixyNG, and more information about this can be read in this blog post.

Note: This document was written with the assistance of ChatGPT.