Plain promises
What pr-captcha does not do.
It does not judge code quality, read private source beyond GitHub metadata, or run contributor code. It records one GitHub-authenticated human receipt for one commit SHA.
What pr-captcha signs, verifies, stores, rate limits, and refuses to execute.
/security.md
ready
Privacy
What metadata is processed for GitHub App, OAuth, Turnstile, and D1 verification records.
/privacy.md
beta
Terms
Beta use terms for maintainers testing the service before a broader public traffic.
/terms.md
ready
Abuse reporting
How maintainers and contributors report bypass attempts, harmful installs, and suspicious activity.
/abuse.md
ready
Incident process
How operators triage, disclose, and recover from service or security incidents.
/incident.md
beta
Beta policy
Scope, limits, support expectation, and best-effort beta language for closed beta repositories.
/beta.md
beta
Support path
Where maintainers ask setup questions, report bugs, and request production help.
/support.md