chore: add CLAUDE.md with Hacken bug bounty PR guidelines by rootulp · Pull Request #404 · celestiaorg/rsmt2d

rootulp · 2026-04-07T19:13:18Z

Summary

Add a CLAUDE.md file with a "Security PRs" section
Instructs Claude to not include bug details in PR descriptions for Hacken bug bounty fixes; instead link to a Linear issue

Closes https://linear.app/celestia/issue/PROTOCO-1445/update-claudemd

Test plan

Verify CLAUDE.md is present at the repo root with the "Security PRs" section

🤖 Generated with Claude Code

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

gemini-code-assist

Code Review

This pull request introduces a CLAUDE.md file to establish guidelines for security-related pull requests, specifically regarding the handling of bug bounty reports. The review feedback suggests expanding these guidelines to include PR titles and all security vulnerabilities, as well as adding standard build and test commands to better support the Claude Code tool.

gemini-code-assist · 2026-04-07T19:20:02Z

CLAUDE.md

+# CLAUDE.md
+


CLAUDE.md is intended to provide context for the Claude Code tool, specifically build and test commands. Including these commands (as found in the README) will allow the tool to operate more effectively within this repository.

Suggested change

# CLAUDE.md

# CLAUDE.md

## Build and Test

- Build: make build

- Test: make test

- Lint: make lint

- Benchmarks: make bench

gemini-code-assist · 2026-04-07T19:20:03Z

CLAUDE.md

+
+## Security PRs
+
+- For PRs that resolve Hacken bug bounty reports, do not include details about the bug in the PR description. Instead, link to a Linear issue that contains more details on the bug and the link to the Hacken bug bounty report.


The guideline should also explicitly mention PR titles, as they are often public and can inadvertently disclose vulnerability details. Additionally, consider generalizing this rule to all security-related PRs, not just Hacken reports, to ensure a consistent security posture for all sensitive fixes.

Suggested change

- For PRs that resolve Hacken bug bounty reports, do not include details about the bug in the PR description. Instead, link to a Linear issue that contains more details on the bug and the link to the Hacken bug bounty report.

- For PRs that resolve security vulnerabilities (including Hacken bug bounty reports), do not include details about the bug in the PR title or description. Instead, link to a Linear issue that contains the vulnerability details and a link to the original report.

chore: add CLAUDE.md with Hacken bug bounty PR guidelines

b7a3484

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

rootulp requested a review from a team as a code owner April 7, 2026 19:13

rootulp requested review from rach-id and removed request for a team April 7, 2026 19:13

rootulp self-assigned this Apr 7, 2026

rootulp enabled auto-merge (squash) April 7, 2026 19:13

rach-id approved these changes Apr 7, 2026

View reviewed changes

rootulp merged commit cfaf813 into main Apr 7, 2026
7 checks passed

rootulp deleted the rootulp/update-claude-md branch April 7, 2026 19:15

gemini-code-assist bot reviewed Apr 7, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: add CLAUDE.md with Hacken bug bounty PR guidelines#404

chore: add CLAUDE.md with Hacken bug bounty PR guidelines#404
rootulp merged 1 commit intomainfrom
rootulp/update-claude-md

rootulp commented Apr 7, 2026

Uh oh!

Uh oh!

gemini-code-assist bot left a comment

Uh oh!

gemini-code-assist bot Apr 7, 2026

Uh oh!

gemini-code-assist bot Apr 7, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

-# CLAUDE.md
+# CLAUDE.md
+## Build and Test
+- Build: make build
+- Test: make test
+- Lint: make lint
+- Benchmarks: make bench


		## Security PRs

		- For PRs that resolve Hacken bug bounty reports, do not include details about the bug in the PR description. Instead, link to a Linear issue that contains more details on the bug and the link to the Hacken bug bounty report.

	- For PRs that resolve Hacken bug bounty reports, do not include details about the bug in the PR description. Instead, link to a Linear issue that contains more details on the bug and the link to the Hacken bug bounty report.
	- For PRs that resolve security vulnerabilities (including Hacken bug bounty reports), do not include details about the bug in the PR title or description. Instead, link to a Linear issue that contains the vulnerability details and a link to the original report.

Conversation

rootulp commented Apr 7, 2026

Summary

Test plan

Uh oh!

Uh oh!

gemini-code-assist bot left a comment

Choose a reason for hiding this comment

Code Review

Uh oh!

gemini-code-assist bot Apr 7, 2026

Choose a reason for hiding this comment

Uh oh!

gemini-code-assist bot Apr 7, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants