Thanks for considering contributions to Sentilook.
- Run `go test ./...` from `app/`
- Run `./scripts/check_repo_layout.ps1` or `bash ./scripts/check_repo_layout.sh`
- Update public docs in `docs/` if behavior changed
- Keep the raw-secret safety invariant intact
- Use focused changes with a clear scope
- Explain what changed and why
- Include validation commands in the PR description
- Avoid unrelated formatting-only edits
If a change touches masking, scanning, report generation, or audit output:
- add or adjust tests
- verify that no raw secret leaks into console, report, SARIF, or audit outputs
- mention the validation steps explicitly
- For security vulnerabilities, use the process in `SECURITY.md`
- For general bugs or feature requests, use the GitHub issue templates
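
One way to test the "no raw secret leaks into console, report, SARIF, or audit outputs" item above, as an added example that is not Sentilook's own code. `FindLeaks`, `secretForms`, `sampleOutputs`, the sink names used as map keys, and the sample token are all hypothetical. The check looks for the secret in raw form and in the encodings it tends to survive in after serialization.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/url"
	"sort"
)

const sampleSecret = `sk_test_CONSTRUCTED/abc+123"x` // constructed value, not a real credential

// secretForms returns the raw secret plus encodings it can survive in after serialization.
func secretForms(secret string) map[string][]byte {
	quoted, _ := json.Marshal(secret) // marshalling a string cannot fail
	return map[string][]byte{
		"raw":    []byte(secret),
		"json":   quoted[1 : len(quoted)-1], // JSON/SARIF string escaping, quotes dropped
		"base64": []byte(base64.StdEncoding.EncodeToString([]byte(secret))),
		"url":    []byte(url.QueryEscape(secret)),
	}
}

// FindLeaks returns sorted "sink:form" entries for each sink containing the secret.
func FindLeaks(secret string, outputs map[string][]byte) []string {
	var leaks []string
	for sink, data := range outputs {
		for form, needle := range secretForms(secret) {
			if len(needle) > 0 && bytes.Contains(data, needle) {
				leaks = append(leaks, sink+":"+form)
			}
		}
	}
	sort.Strings(leaks)
	return leaks
}

// sampleOutputs returns constructed output for the four sinks named in the checklist.
func sampleOutputs() map[string][]byte {
	return map[string][]byte{
		"console": []byte("1 finding: sk_t**** (masked)"),
		"report":  []byte("<td>sk_t****</td>"),
		"sarif":   []byte(`{"message":{"text":"value sk_test_CONSTRUCTED/abc+123\"x"}}`),
		"audit":   []byte("detail=" + base64.StdEncoding.EncodeToString([]byte(sampleSecret))),
	}
}

func main() { fmt.Println(FindLeaks(sampleSecret, sampleOutputs())) }
```

A plain substring search for the raw value would pass both leaking sinks here, because the SARIF copy is JSON-escaped and the audit copy is base64-encoded.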