Contributing
Improve the toolkit without weakening safety boundaries.
Good contributions make the project clearer, safer, easier to test, or more reliable. Contributions should not expand the project toward unauthorized access, bypass guidance, or credential misuse.
Contribution workflow
Set up locally
Clone the repository, install JDK 11 or newer, and run `mvn clean package`.
Make a focused change
Keep behavior, docs, and refactors separate when practical so review stays clear.
Verify and document
Update README, changelog, or docs pages when behavior changes, and explain the verification in the pull request.
Authenticator changes
Authenticator work needs extra care because it touches credential flows. New methods should use explicit timeouts, avoid logging secrets, return stable result codes, and treat unexpected page shapes as unknown or parse failures.
Review expectation: a new authenticator should be easy to mock, easy to reason about, and safe when an upstream service changes.
Community files
CONTRIBUTING.md
Setup, branch, pull request, and authenticator guidance.
CODE_OF_CONDUCT.md
Community standards, reporting, and enforcement expectations.
SECURITY.md
Supported version, responsible disclosure, and credential safety.
ROADMAP.md
Testing, retries, async API, Maven Central, and safer integration goals.
Before opening a PR
- Run `mvn clean package`.
- Confirm no credentials, cookies, private identifiers, or personal data are included.
- Update docs and changelog when behavior changes.
- Explain what changed, why it changed, and how it was verified.