Security and responsible use

This aligns with CONTRIBUTING.md and the Responsible use section of the repo README.

Updated

Secrets and configuration

  • Do not commit API keys, tokens, or raw .env contents into docs, tests, or examples.
  • Prefer environment profiles documented in Model routing and local-only files ignored by git.
  • Library code should not log full authorization headers or secrets.

Content and automation

Use LCDL only on material you have rights to automate (internal QA, owned practice content, authorized ingestion). Do not use tasks to bypass paywalls, logins, CAPTCHA, rate limits, proctoring, or anti-abuse controls.

Browser and MCP

Playwright and MCP integrations run in consumer-controlled contexts; policy (allowed hosts, headless vs headed) is a consumer concern.

Observability

When adding logging, redact secrets and large payload bodies in shared environments.

See also