Thank you for helping keep ReconScript safe, scoped, and respectful of consent.
- Only contribute features that preserve read-only reconnaissance. Never add intrusive or destructive functionality.
- All scans must remain single-target by default. CIDR support is opt-in via `ALLOW_CIDR=true`.
- Non-local targets require a signed scope manifest and consent verification. Never ship production keys in the repository.
- Evidence level defaults to `low`. `high` evidence must remain explicitly gated behind signed consent.
- Do not expose the Flask UI publicly unless `ENABLE_PUBLIC_UI=true` and `ENABLE_RBAC=true` are set. The UI warns when public mode is active.
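
One way to enforce the rules above in a single guard, given as an added example and not ReconScript's own code. The names `check_scan`, `ScopeError`, `public_ui_allowed` and the `consent_verified` flag are hypothetical; treating only loopback addresses and `localhost` as local, and matching `true` case-insensitively, are assumptions.

```python
import ipaddress
import os


class ScopeError(ValueError):
    """A requested scan falls outside what the rules above allow."""


def _enabled(env, name):
    # Assumption: only the value "true" (any case) opts in; unset means off.
    return env.get(name, "").strip().lower() == "true"


def check_scan(target, evidence="low", consent_verified=False, env=None):
    """Return the normalised target, or raise ScopeError.

    consent_verified is a hypothetical flag standing in for the result of
    signed scope manifest and consent verification performed elsewhere.
    """
    env = os.environ if env is None else env
    try:
        net = ipaddress.ip_network(target, strict=False)
    except ValueError:
        if "/" in target:
            raise ScopeError(f"not a valid host or network: {target!r}") from None
        net = None  # hostname; deliberately not resolved here
    # A bare address parses as /32 or /128, so only real ranges hit this gate.
    if net is not None and net.num_addresses > 1 and not _enabled(env, "ALLOW_CIDR"):
        raise ScopeError("CIDR targets require ALLOW_CIDR=true")
    # Assumption: "local" means loopback only (127.0.0.0/8, ::1, localhost).
    local = net.is_loopback if net is not None else target.lower() == "localhost"
    if not local and not consent_verified:
        raise ScopeError("non-local target requires a signed scope manifest and consent")
    if evidence == "high" and not consent_verified:
        raise ScopeError("high evidence requires signed consent")
    return str(net) if net is not None else target.lower()


def public_ui_allowed(env=None):
    """The UI may be exposed publicly only when both flags are set."""
    env = os.environ if env is None else env
    return _enabled(env, "ENABLE_PUBLIC_UI") and _enabled(env, "ENABLE_RBAC")
```
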
- Create and activate a Python 3.11 virtual environment.
- Install dependencies:
pip install -r requirements.txt -r requirements-dev.txt
- Copy `.env.example` to `.env` and adjust values as needed.
- Run formatting and linting before pushing:
black .
ruff check .
- Execute unit tests:
pytest -m "not integration"
- Integration tests are optional and rely on explicit opt-in:
INTEGRATION=true INTEGRATION_SCANME=true pytest -m integration
- Every pull request must include an entry in `results/index.json`, added only through the automated report writing; never edit index files manually.
- Include updates to documentation when you add or change functionality, especially around consent workflows.
- Sign off commits according to the DCO in `DCO.txt`.
- New features must include relevant unit tests and, when applicable, integration tests guarded by the `integration` marker.