FightCSAM

FightCSAM

Open-source tools to detect, report, and prevent CSAM — for developers and their coding agents.

FightCSAM is the developer front door to eleven open-source, Apache-2.0 building blocks for fighting child sexual abuse material (CSAM). Each tool does one job well and composes with the others into a compliance-defensible pipeline.

Detect

Find known and near-duplicate CSAM in user-generated content.

hashkit (Rust / WASM)

PDQ perceptual hashing — turn an image into a robust fingerprint, with NCMEC-conformance vectors.

hashkit-match (Rust)

Match query hashes against a known-bad list, with false-positive guards for collages and sticker sheets.

csam-shield (Node + Python)

Pluggable CSAM-detection middleware for your upload pipeline (Express / Fastify / Hono / ASGI).

hashstream (Go)

Distribute and sync Ed25519-signed hash-list snapshots across your fleet.

Report & preserve

Meet statutory reporting and evidence-preservation obligations (§2258A).

cybertip-cli (Node + Python)

File NCMEC CyberTipline reports from code or CLI. Production submit stays counsel-gated.

evidencevault (Go)

Preserve evidence with chain-of-custody, content-addressing, and retention windows.

Prevent (AI generation)

Stop CSAM from being generated or trained on in the first place.

promptshield (Python)

Screen text prompts for CSAM-generation intent before they reach an image/video model.

trainguard (Python)

Screen training datasets for known-bad content before you train on them.

Provenance & care

Sign what you generate; protect the humans who review.

c2pa-lite (Rust)

Attach C2PA content credentials to media you generate (provenance / authenticity).

safemod (Rust)

Privacy-preserving moderator wellbeing: blur-by-default rendering, exposure limits, k-anonymous signals.

Verify

Prove your pipeline works — in CI, without touching real CSAM.

detectkit-test (Python)

Deterministic synthetic fixtures so you can test detection end-to-end with zero real material.

Built for coding agents

FightCSAM treats an AI coding agent as a first-class visitor:

  • /llms.txt — a curated, machine-readable index of the whole site.
  • /llms-full.txt — the entire docs corpus as one Markdown file.
  • Per-page raw Markdown at /llms.mdx/... — no HTML scraping, no JS execution.
  • Static export — every page is in the initial HTML; curl gets the full content.

Coming next (see the release plan): a /.well-known/fightsam.json package manifest, the guided golden path, the create-fightcsam scaffolder, and a docs MCP server.

Coding-agent skill

A Claude Agent Skill that teaches your coding agent to wire CSAM safety with the FightCSAM tools and the right ecosystem tools — correct installs, gates honored.

On this page

DetectReport & preservePrevent (AI generation)Provenance & careVerifyBuilt for coding agents