From 906d810baf8d71aa8564709db1b6894366cda274 Mon Sep 17 00:00:00 2001 From: Stavros Date: Mon, 27 Apr 2026 16:31:11 +0300 Subject: [PATCH 1/5] docs: add ai policy --- AI_POLICY.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 AI_POLICY.md diff --git a/AI_POLICY.md b/AI_POLICY.md new file mode 100644 index 00000000..bcaaaeea --- /dev/null +++ b/AI_POLICY.md 
@@ -0,0 +1,23 @@ +# AI Usage Policy + +Tinyauth has rules regarding the use of LLM-generated content. The following guidelines must be followed when using AI-generated content in Tinyauth: + +- **All usage must be clearly labeled**: Any content generated by an LLM must be clearly labeled as such. This includes any text, code, or other content that is generated by an LLM. + +- **All LLM-generated content should be understood and verified by the account holder**: The human who utilized the LLM must have a thorough understanding of the content generated by the LLM. This includes understanding the implications of using the generated content and being able to explain it to others if necessary. + +- **Automated systems are not allowed**: All forms of automated systems that utilize LLMs to generate content without human oversight are strictly prohibited. This includes any system that generates content without a human being directly involved in the process like for example OpenClaw. + +- **No LLM-generated content other than text is allowed**: The only type of content that can be generated by an LLM and used in Tinyauth is text/code. Any other type of content generated by an LLM cannot be used with the license and thus does not have clear ownership. + +- **LLM pull requests are not guaranteed to be accepted or prioritized**: Any pull request that contains LLM-generated content is not guaranteed to be accepted and/or prioritized. The maintainers are responsible for reviewing all pull requests and determining whether or not they meet the standards of the project. LLM-generated content will be reviewed with the same standards as any other content, and may be rejected if it does not meet those standards. + +- **Large LLM generated pull requests will be rejected**: Any pull request that contains a large amount of LLM-generated content will be rejected. This is because it is difficult for the maintainers to review and verify large amounts of LLM-generated content. 
+ +## Tinyauth is developed by humans, for humans + +Please remember that Tinyauth is developed by humans. While LLMs can be a useful tool for **assisting** in the development process, they should not be used in place of the actual human brain. Moving forward, we are committed to ensuring that all content in Tinyauth is created and reviewed by humans, and that LLMs are used only as a tool to assist in the development process. + +## Our view on LLMs + +The rules above apply for pull requests that have been generated using prompts, not thoughts. We believe that LLMs can be a useful tool given that it's used responsibly. We ourselves do utilize LLMs to assist in the development process in the form of smarter intelisense (aka in-line generation) and for helping with documentation and brainstorming. We won't judge anyone for using LLMs in the same way and as long as you completely understand (and are responsible) for the content generated, you can skip the above guidelines as we will view the code as yours. From f6e994d834d57515a5e2332bbc1a5a8c5251f09b Mon Sep 17 00:00:00 2001 From: Stavros Date: Mon, 27 Apr 2026 19:01:55 +0300 Subject: [PATCH 2/5] docs: rework ai policy for more clear rules and expectations --- AI_POLICY.md | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/AI_POLICY.md b/AI_POLICY.md index bcaaaeea..f340a7a4 100644 --- a/AI_POLICY.md +++ b/AI_POLICY.md 
@@ -1,23 +1,27 @@ # AI Usage Policy -Tinyauth has rules regarding the use of LLM-generated content. The following guidelines must be followed when using AI-generated content in Tinyauth: +> [!NOTE] +> By Tinyauth, we refer to the entire Tinyauth ([tinyauthapp](https://github.com/tinyauthapp)) organization and all of the repositories under it. -- **All usage must be clearly labeled**: Any content generated by an LLM must be clearly labeled as such. This includes any text, code, or other content that is generated by an LLM. +## How we utilize AI in Tinyauth -- **All LLM-generated content should be understood and verified by the account holder**: The human who utilized the LLM must have a thorough understanding of the content generated by the LLM. This includes understanding the implications of using the generated content and being able to explain it to others if necessary. +In Tinyauth, we see AI as another tool designed to help developers accelerate their work, ***not*** as something that should be doing the development for them. The ways we utilize large language models in Tinyauth are the following: -- **Automated systems are not allowed**: All forms of automated systems that utilize LLMs to generate content without human oversight are strictly prohibited. This includes any system that generates content without a human being directly involved in the process like for example OpenClaw. +- **Pull request reviews**: We utilize [Coderabbit](https://www.coderabbit.ai/) for reviews in our pull requests which helps us find and fix issues faster, minimizing the time maintainers have to spend reviewing. +- **Documentation and Issues**: We use [Dosu](https://dosu.dev/) to help resolve duplicate issues faster and automatically update our documentation based on changes in the code base. +- **In-Line Suggestions**: GitHub's [Copilot](https://github.com/features/copilot) is partially used to fill in boilerplate code through in-line suggestions. 
-- **No LLM-generated content other than text is allowed**: The only type of content that can be generated by an LLM and used in Tinyauth is text/code. Any other type of content generated by an LLM cannot be used with the license and thus does not have clear ownership. +## How we expect the community to use AI -- **LLM pull requests are not guaranteed to be accepted or prioritized**: Any pull request that contains LLM-generated content is not guaranteed to be accepted and/or prioritized. The maintainers are responsible for reviewing all pull requests and determining whether or not they meet the standards of the project. LLM-generated content will be reviewed with the same standards as any other content, and may be rejected if it does not meet those standards. +We expect the Tinyauth community to use AI as a tool for faster development and not as a way to implement entire features through prompts. For this reason, the following guidelines are in place for AI generated content: -- **Large LLM generated pull requests will be rejected**: Any pull request that contains a large amount of LLM-generated content will be rejected. This is because it is difficult for the maintainers to review and verify large amounts of LLM-generated content. +- **All usage must be clearly labeled**: Any content generated by AI must be clearly labeled as such. In case a pull request is clearly generated by AI and the author fails to disclose its use, it will be rejected. +- **All generated content should be completely understood by the account holder**: The human who utilized the large language model to generate content must have a thorough understanding of it. This includes understanding the resulting output to the full extend and being able to explain it in detail in case it's needed. +- **Automated systems are not allowed**: All forms of automated systems that utilize large language models to generate content without human oversight are forbidden. 
This includes any system that generates content without a human being directly involved in the process like for example with OpenClaw. +- **No generated content other than text is allowed**: The only type of content that can be generated by AI and used in Tinyauth is text. Any other type of content generated by AI cannot be used as it cannot be licensed. +- **AI pull requests are not guaranteed to be accepted or prioritized**: Any pull request that contains AI generated content is not guaranteed to be accepted and/or prioritized. The maintainers are responsible for reviewing all pull requests and determining whether or not they meet the standards of the project. AI generated content will be reviewed with the same standards as any other content, and may be rejected if it does not meet those standards. +- **Large generated pull requests will be rejected**: Any pull request that contains a large amount of generated content will be rejected. This is because it is difficult for the maintainers to review and verify large amounts of generated content. ## Tinyauth is developed by humans, for humans -Please remember that Tinyauth is developed by humans. While LLMs can be a useful tool for **assisting** in the development process, they should not be used in place of the actual human brain. Moving forward, we are committed to ensuring that all content in Tinyauth is created and reviewed by humans, and that LLMs are used only as a tool to assist in the development process. - -## Our view on LLMs - -The rules above apply for pull requests that have been generated using prompts, not thoughts. We believe that LLMs can be a useful tool given that it's used responsibly. We ourselves do utilize LLMs to assist in the development process in the form of smarter intelisense (aka in-line generation) and for helping with documentation and brainstorming. 
We won't judge anyone for using LLMs in the same way and as long as you completely understand (and are responsible) for the content generated, you can skip the above guidelines as we will view the code as yours. +Please remember that Tinyauth is developed by humans. While AI can be a useful tool for **assisting** in the development process, it should not be used in place of the human brain. Moving forward, we are committed to ensuring that most, if not all the content in Tinyauth is created and reviewed by humans, and that AI is only used as a tool to assist in the development process. From 63cc0818535ee9d83d41275548820bc3c040304f Mon Sep 17 00:00:00 2001 From: Stavros Date: Mon, 27 Apr 2026 20:19:44 +0300 Subject: [PATCH 3/5] chore: review comments --- AI_POLICY.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/AI_POLICY.md b/AI_POLICY.md index f340a7a4..fa0faed5 100644 --- a/AI_POLICY.md +++ b/AI_POLICY.md @@ -7,7 +7,7 @@ In Tinyauth, we see AI as another tool designed to help developers accelerate their work, ***not*** as something that should be doing the development for them. The ways we utilize large language models in Tinyauth are the following: -- **Pull request reviews**: We utilize [Coderabbit](https://www.coderabbit.ai/) for reviews in our pull requests which helps us find and fix issues faster, minimizing the time maintainers have to spend reviewing. +- **Pull request reviews**: We utilize [CodeRabbit](https://www.coderabbit.ai/) for reviews in our pull requests which helps us find and fix issues faster, minimizing the time maintainers have to spend reviewing. - **Documentation and Issues**: We use [Dosu](https://dosu.dev/) to help resolve duplicate issues faster and automatically update our documentation based on changes in the code base. - **In-Line Suggestions**: GitHub's [Copilot](https://github.com/features/copilot) is partially used to fill in boilerplate code through in-line suggestions. 
@@ -15,10 +15,10 @@ In Tinyauth, we see AI as another tool designed to help developers accelerate th We expect the Tinyauth community to use AI as a tool for faster development and not as a way to implement entire features through prompts. For this reason, the following guidelines are in place for AI generated content: -- **All usage must be clearly labeled**: Any content generated by AI must be clearly labeled as such. In case a pull request is clearly generated by AI and the author fails to disclose its use, it will be rejected. +- **All usage must be clearly labeled**: Any content generated by AI must be clearly labeled as such. In the case that a pull request is clearly generated by AI and the author fails to disclose its use, it will be rejected. - **All generated content should be completely understood by the account holder**: The human who utilized the large language model to generate content must have a thorough understanding of it. This includes understanding the resulting output to the full extend and being able to explain it in detail in case it's needed. - **Automated systems are not allowed**: All forms of automated systems that utilize large language models to generate content without human oversight are forbidden. This includes any system that generates content without a human being directly involved in the process like for example with OpenClaw. -- **No generated content other than text is allowed**: The only type of content that can be generated by AI and used in Tinyauth is text. Any other type of content generated by AI cannot be used as it cannot be licensed. +- **No generated content other than text is allowed**: The only type of content that can be generated by AI and used in Tinyauth is text. - **AI pull requests are not guaranteed to be accepted or prioritized**: Any pull request that contains AI generated content is not guaranteed to be accepted and/or prioritized. 
The maintainers are responsible for reviewing all pull requests and determining whether or not they meet the standards of the project. AI generated content will be reviewed with the same standards as any other content, and may be rejected if it does not meet those standards. - **Large generated pull requests will be rejected**: Any pull request that contains a large amount of generated content will be rejected. This is because it is difficult for the maintainers to review and verify large amounts of generated content. From 0a6737891cb332cf633aa76631b64ee443f04455 Mon Sep 17 00:00:00 2001 From: Stavros Date: Mon, 27 Apr 2026 20:22:56 +0300 Subject: [PATCH 4/5] chore: rabbit feedback --- AI_POLICY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AI_POLICY.md b/AI_POLICY.md index fa0faed5..92307816 100644 --- a/AI_POLICY.md +++ b/AI_POLICY.md 
@@ -16,7 +16,7 @@ In Tinyauth, we see AI as another tool designed to help developers accelerate th We expect the Tinyauth community to use AI as a tool for faster development and not as a way to implement entire features through prompts. For this reason, the following guidelines are in place for AI generated content: - **All usage must be clearly labeled**: Any content generated by AI must be clearly labeled as such. In the case that a pull request is clearly generated by AI and the author fails to disclose its use, it will be rejected. -- **All generated content should be completely understood by the account holder**: The human who utilized the large language model to generate content must have a thorough understanding of it. This includes understanding the resulting output to the full extend and being able to explain it in detail in case it's needed. +- **All generated content should be completely understood by the account holder**: The human who utilized the large language model to generate content must have a thorough understanding of it. This includes understanding the resulting output to the full extent and being able to explain it in detail in case it's needed. - **Automated systems are not allowed**: All forms of automated systems that utilize large language models to generate content without human oversight are forbidden. This includes any system that generates content without a human being directly involved in the process like for example with OpenClaw. - **No generated content other than text is allowed**: The only type of content that can be generated by AI and used in Tinyauth is text. - **AI pull requests are not guaranteed to be accepted or prioritized**: Any pull request that contains AI generated content is not guaranteed to be accepted and/or prioritized. The maintainers are responsible for reviewing all pull requests and determining whether or not they meet the standards of the project. 
AI generated content will be reviewed with the same standards as any other content, and may be rejected if it does not meet those standards. From 37f927a570d6e998f34a218d689d7646244cc590 Mon Sep 17 00:00:00 2001 From: Stavros Date: Mon, 27 Apr 2026 20:36:24 +0300 Subject: [PATCH 5/5] chore: update contributing guide to reference ai policy --- AI_POLICY.md | 2 +- CONTRIBUTING.md | 3 +++ SECURITY.md | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/AI_POLICY.md b/AI_POLICY.md index 92307816..7be9089b 100644 --- a/AI_POLICY.md +++ b/AI_POLICY.md 
@@ -18,7 +18,7 @@ We expect the Tinyauth community to use AI as a tool for faster development and - **All usage must be clearly labeled**: Any content generated by AI must be clearly labeled as such. In the case that a pull request is clearly generated by AI and the author fails to disclose its use, it will be rejected. - **All generated content should be completely understood by the account holder**: The human who utilized the large language model to generate content must have a thorough understanding of it. This includes understanding the resulting output to the full extent and being able to explain it in detail in case it's needed. - **Automated systems are not allowed**: All forms of automated systems that utilize large language models to generate content without human oversight are forbidden. This includes any system that generates content without a human being directly involved in the process like for example with OpenClaw. -- **No generated content other than text is allowed**: The only type of content that can be generated by AI and used in Tinyauth is text. +- **No generated content other than text is allowed**: Images, videos, audio and any other form of content generated by AI other than text is not allowed in Tinyauth. - **AI pull requests are not guaranteed to be accepted or prioritized**: Any pull request that contains AI generated content is not guaranteed to be accepted and/or prioritized. The maintainers are responsible for reviewing all pull requests and determining whether or not they meet the standards of the project. AI generated content will be reviewed with the same standards as any other content, and may be rejected if it does not meet those standards. - **Large generated pull requests will be rejected**: Any pull request that contains a large amount of generated content will be rejected. This is because it is difficult for the maintainers to review and verify large amounts of generated content. 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 2b443149..2cbcc023 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,6 +2,9 @@ Contributing to Tinyauth is straightforward. Follow the steps below to set up a development server. +> [!NOTE] +> If you are using large language models to contribute to the project, please ensure that you have read and understood the [AI Policy](AI_POLICY.md). + ## Requirements - Bun diff --git a/SECURITY.md b/SECURITY.md index f6da0f5d..3665ec58 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,4 +6,4 @@ It is recommended to use the [latest](https://github.com/tinyauthapp/tinyauth/re ## Reporting a Vulnerability -Due to the nature of this app, it needs to be secure. If you discover any security issues or vulnerabilities in the app please contact me as soon as possible at . Please do not use the issues section to report security issues as I won't be able to patch them in time and they may get exploited by malicious actors. +Due to the nature of this app, it needs to be secure. If you discover any security issues or vulnerabilities in the app please contact me as soon as possible at . Please do not use the issues section to report security issues as I won't be able to patch them in time and they may get exploited by malicious actors.
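Review bot: In [PATCH 1/5], the closing sentence of "Our view on LLMs" says contributors "can skip the above guidelines", which conflicts with the opening statement that the guidelines "must be followed" and with the labeling rule. The test that decides which case applies ("prompts, not thoughts") is never defined, so a contributor cannot tell whether disclosure is required. Suggest stating the exemption as a concrete condition and keeping the labeling rule unconditional. "intelisense" in the same paragraph should be "IntelliSense".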
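Review bot: In [PATCH 2/5], the "Automated systems are not allowed" bullet forbids systems that generate content without human oversight, while the new "How we utilize AI in Tinyauth" list says Dosu is used to "automatically update our documentation". Suggest either scoping the bullet to community contributions or stating that Dosu output is reviewed by a maintainer before it lands, so the policy does not contradict the project's own practice. The "Large generated pull requests will be rejected" bullet also gives no threshold for "a large amount"; a rough guide would make rejections predictable for contributors.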
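Review bot: In the AI_POLICY.md hunk of [PATCH 5/5], the rewritten bullet permits "text" but does not say whether code counts as text, whereas the first version of the policy said "text/code" explicitly. Since the policy mainly governs pull requests, suggest naming code in the allowed category. The verb should also agree with the plural subject: "... other than text are not allowed in Tinyauth".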
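Review bot: In the SECURITY.md hunk of [PATCH 5/5], the removed and added lines read identically as shown, so the change appears to be whitespace or end-of-file only, and the commit subject, which covers the contributing guide, does not mention it. Suggest splitting it into its own commit or noting it in the message. The sentence as shown reads "contact me as soon as possible at ." with no address; please confirm the file itself carries a working private contact, since this is the only reporting channel the section offers and it tells reporters not to use the public issues section.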