Interested in Contributing – Looking for Guidance on Getting Started ( GSOC 2026 )

[AnubhavGitHub07]

Hi maintainers,

I’m Anubhav Dwivedi, a 2nd-year BTech CSE student. I recently started exploring C2SI and I’m genuinely interested in contributing and learning from the community. I’m also planning to participate in GSoC 2026.

I had a few questions:

What’s the best way for a newcomer to start contributing effectively?

Are there specific areas of the codebase that are good starting points for new contributors?

How can someone build a consistent and helpful presence in the community over time?

Also, any general tips on what makes a strong GSoC application (especially from a contributor perspective) would be really helpful.

I’d really appreciate any guidance. Looking forward to contributing!

Thanks!

[Shreyas20004]

HHi everyone! 👋

I'm Shreyas Nair, a final-year Computer Engineering student with a deep interest in AI security, privacy, and building responsible systems. I recently came across the PII-Safe – Privacy Guard for Agentic AI & MCP Workflows project idea and I have to say—it immediately grabbed my attention. The challenge of automatically detecting and redacting PII in agentic AI workflows feels incredibly relevant, especially as LLMs are being integrated into more sensitive domains like security logs and incident analysis.

I'm planning to apply for GSoC 2026, and this project is at the top of my list. I love how it combines policy-as-code, entity detection, and real-time sanitization—exactly the kind of cross‑disciplinary work I enjoy.

I had a few questions as I start exploring:

1. Policy representation – You mention using "policy-as-code" to keep privacy rules separate from logic. Are there any existing policy engines (like OPA/Rego) you're considering, or do you plan to build a lightweight custom evaluator? I'd love to understand the design direction better.
2. PII detection – The stack lists spaCy or HuggingFace for entity detection. Are you leaning toward a specific model, and how do you plan to handle structured data (JSON) vs free text? Also, would there be opportunities to experiment with fine-tuning for domain‑specific entities (like internal usernames or customer IDs)?
3. MCP integration – I'm curious about the MCP server mode. Is the goal to make PII-Safe act as a tool that agents can invoke, or more like a transparent middleware layer that intercepts prompts/responses? Any early thoughts on the interface?
4. Getting started – What's the best way for a newcomer to start contributing? Are there any "good first issues" or areas of the codebase that are particularly well‑suited for someone getting familiar with the project? I'd love to help with documentation, tests, or small features while I ramp up.
5. GSoC application tips – Since I'm aiming for GSoC, what do you think makes a strong proposal for a project like this? Any advice on how to stand out (beyond just technical skills) would be super helpful.

I'm really excited about the possibility of contributing to PII-Safe—it's one of those projects that could make AI deployments safer for everyone. Looking forward to learning from the community and hopefully working together!