Contributing to BouncerFox

Thanks for your interest in contributing! BouncerFox CLI is written in Go (1.25+) and licensed under Apache 2.0. The repo is at github.com/bouncerfox/cli.

Ways to Contribute

  • Report bugs. Open an issue with reproduction steps.
  • Suggest detection rules. Spotted a risk pattern in AI configs? Open an issue describing it.
  • Submit rule improvements. PRs for new rules, better patterns, fewer false positives.
  • Improve documentation. Fix typos, add examples, clarify explanations.
  • Share your experience. Blog posts, talks, or discussions about AI config security.

Development Setup

git clone https://github.com/bouncerfox/cli.git
cd cli

# Run tests
go test ./... -race

# Build locally
go build -o bouncerfox ./cmd/bouncerfox

# Run the CLI locally
./bouncerfox scan ../your-project

Adding a Detection Rule

  1. Rules live in pkg/rules/, organized by category: sec.go, qa.go, cfg.go, ps.go.
  2. Register the rule in pkg/rules/registry.go.
  3. Add test cases in the corresponding _test.go file (at least one positive match and one negative).
  4. Update the documentation with the new rule.
  5. Open a PR with context for why this pattern is risky.

Code of Conduct

Be respectful, constructive, and inclusive. We're all here to make AI agent tooling safer.