From 91faddb9b4247362a934b38244b6bcfc5df3732a Mon Sep 17 00:00:00 2001 From: Xuan Son Nguyen Date: Sun, 30 Nov 2025 17:46:42 +0100 Subject: [PATCH 1/2] contributing: update guidelines for AI-generated code --- CONTRIBUTING.md | 1 + SECURITY.md | 2 ++ 2 files changed, 3 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b808fa31eaf..ac1370c35db 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -19,6 +19,7 @@ The project differentiates between 3 levels of contributors: - If your PR becomes stale, don't hesitate to ping the maintainers in the comments - Maintainers will rely on your insights and approval when making a final decision to approve and merge a PR - Consider adding yourself to [CODEOWNERS](CODEOWNERS) to indicate your availability for reviewing related PRs +- Using AI to generate PRs is permitted. However, you must (1) explicitly disclose how AI was used and (2) conduct a thorough manual review before publishing the PR. This is required if more than 50% of the code is AI-generated (excluding trivial tab auto-completions) # Pull requests (for maintainers) diff --git a/SECURITY.md b/SECURITY.md index 9749e95b715..9c86ae91b5c 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -65,4 +65,6 @@ However, If you have discovered a security vulnerability in this project, please Please disclose it as a private [security advisory](https://github.com/ggml-org/llama.cpp/security/advisories/new). +Please note that using AI to identify vulnerabilities and generate reports is permitted. However, you must (1) explicitly disclose how AI was used and (2) conduct a thorough manual review before submitting the report. + A team of volunteers on a reasonable-effort basis maintains this project. As such, please give us at least 90 days to work on a fix before public exposure. From 874c877bde46bae01561f45f12ebfb0c3e98d6e1 Mon Sep 17 00:00:00 2001 From: Xuan Son Nguyen Date: Sun, 30 Nov 2025 17:54:44 +0100 Subject: [PATCH 2/2] revise --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ac1370c35db..875eb766f35 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -19,7 +19,7 @@ The project differentiates between 3 levels of contributors: - If your PR becomes stale, don't hesitate to ping the maintainers in the comments - Maintainers will rely on your insights and approval when making a final decision to approve and merge a PR - Consider adding yourself to [CODEOWNERS](CODEOWNERS) to indicate your availability for reviewing related PRs -- Using AI to generate PRs is permitted. However, you must (1) explicitly disclose how AI was used and (2) conduct a thorough manual review before publishing the PR. This is required if more than 50% of the code is AI-generated (excluding trivial tab auto-completions) +- Using AI to generate PRs is permitted. However, you must (1) explicitly disclose how AI was used and (2) conduct a thorough manual review before publishing the PR. Note that trivial tab autocompletions do not require disclosure. # Pull requests (for maintainers)