Security

Report a vulnerability

SECURITY.md

Security Policy

Supported Versions

Security fixes target the latest state of main.

Rulebook

The authoritative operating rules and incident playbook live in:

docs/SECURITY_RULEBOOK.md

All contributors are expected to follow that document for day-to-day security workflow and incident handling.

Reporting Security Issues

Do not open public issues for sensitive vulnerabilities.

Use:

GitHub Security Advisory (preferred)
Maintainer private contact

Include:

What is affected
Reproduction details
Impact severity

Secret Leakage Response

If a secret is exposed:

Revoke/rotate immediately.
Remove secret from current branch.
Rewrite history if needed.
Re-run:
- pre-commit run --all-files
- python3 scripts/security_scrub.py
- bash -n bootstrap.sh
- bash -n install.sh
Force-push only with explicit maintainer approval.

Use docs/SECURITY_RULEBOOK.md for command-level incident steps.

Baseline Security Checks

pre-commit run --all-files
scripts/security_scrub.py
bash -n bootstrap.sh
bash -n install.sh
CI workflow: .github/workflows/ci.yml

There aren’t any published security advisories