DirectPilot integrates with advertising and analytics APIs. Treat all credentials, account identifiers, campaign data, and budget-changing operations as sensitive.
DirectPilot is currently in public beta. Security fixes are prioritized over feature work, but APIs and internal contracts may still change.
Please do not open public issues with secrets, exploit details, tokens, screenshots containing credentials, or private customer/account data.
Use a private maintainer contact or GitHub private vulnerability reporting if enabled. Include:
- affected version/commit;
- vulnerable endpoint or file;
- reproduction steps using redacted placeholders;
- expected vs actual behavior;
- whether live write/budget/campaign state can be affected.
Never commit or paste:
- `YANDEX_OAUTH_TOKEN`
- `YANDEX_CLIENT_SECRET`
- `YANDEX_SEARCH_API_KEY`
- `YANDEX_METRIKA_OAUTH_TOKEN`
- real OAuth authorization codes
- raw `.env` files
- private customer/campaign exports
If a secret is exposed, rotate it immediately in Yandex and remove it from git history before publishing.
Security-sensitive write gates:
- default mode is `live_readonly`;
- live writes require `DIRECTPILOT_MODE=live_write`;
- write requests require `approved=true`;
- write requests require an `idempotency_key`;
- `dry_run=true` must not mutate external state;
- readonly rejection must happen before external mutation calls.
Any PR that changes these gates requires maintainer review and test evidence.
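The gate list above fixes an evaluation order (mode first, then approval, then the idempotency key, then dry-run handling) and a guarantee that a rejected or dry-run request never reaches the advertising API. The following is an added example of that ordering, not DirectPilot's own code: it reuses the page's terms (`DIRECTPILOT_MODE`, `live_readonly`, `live_write`, `approved`, `idempotency_key`, `dry_run`), while `GateDecision`, `check_write_gate`, `apply_budget_change` and `FakeDirectClient` are hypothetical names chosen for the illustration. It also goes one step beyond the page by treating a repeated `idempotency_key` as a replay that is not applied twice; that behaviour is an assumption, the page only says the key is required.

```python
"""Write-gate enforcement for budget-changing operations.

Added example, not DirectPilot's own code. Page terms: DIRECTPILOT_MODE,
live_readonly, live_write, approved, idempotency_key, dry_run. Hypothetical
names: GateDecision, check_write_gate, apply_budget_change, FakeDirectClient.
"""
import os
from dataclasses import dataclass, field
from typing import Dict, List, Optional

LIVE_READONLY = "live_readonly"  # default mode
LIVE_WRITE = "live_write"        # only mode in which live writes may happen


@dataclass
class WriteRequest:
    approved: bool = False
    idempotency_key: Optional[str] = None
    dry_run: bool = False
    payload: Dict[str, int] = field(default_factory=dict)


@dataclass
class GateDecision:
    allowed: bool   # request passed every gate
    mutate: bool    # external state may be changed (False for dry runs)
    reason: str


@dataclass
class FakeDirectClient:
    """Stand-in for the advertising API client. It records every mutation
    call so a test can prove nothing was sent when a gate rejected."""
    mutations: List[dict] = field(default_factory=list)

    def update_budget(self, payload: dict) -> dict:
        self.mutations.append(dict(payload))
        return {"status": "mutated", "payload": payload}


def check_write_gate(req: WriteRequest, mode: Optional[str] = None) -> GateDecision:
    """Evaluate the gates in order; the first failing gate wins."""
    if mode is None:
        mode = os.environ.get("DIRECTPILOT_MODE", LIVE_READONLY)
    # Gate 1: readonly rejection comes first, before any external call.
    if mode != LIVE_WRITE:
        return GateDecision(False, False, f"mode {mode!r} does not permit live writes")
    # Gate 2: explicit approval.
    if not req.approved:
        return GateDecision(False, False, "approved=true is required")
    # Gate 3: idempotency key.
    if not req.idempotency_key:
        return GateDecision(False, False, "idempotency_key is required")
    # Gate 4: dry runs pass validation but never mutate.
    if req.dry_run:
        return GateDecision(True, False, "dry_run=true: no external mutation")
    return GateDecision(True, True, "all gates passed")


# Results keyed by idempotency_key so a retried request is not applied twice
# (assumed behaviour; the page only states that the key is required).
_completed: Dict[str, dict] = {}


def apply_budget_change(req: WriteRequest, client: FakeDirectClient,
                        mode: Optional[str] = None) -> dict:
    """Run the gate, then call the client only when mutation is permitted."""
    decision = check_write_gate(req, mode)
    if not decision.allowed:
        return {"status": "rejected", "reason": decision.reason}
    if not decision.mutate:
        return {"status": "dry_run", "would_send": req.payload}
    if req.idempotency_key in _completed:
        return {**_completed[req.idempotency_key], "status": "replayed"}
    result = client.update_budget(req.payload)
    _completed[req.idempotency_key] = result
    return result


if __name__ == "__main__":
    client = FakeDirectClient()
    req = WriteRequest(approved=True, idempotency_key="k-1", payload={"budget": 100})
    print(apply_budget_change(req, client, mode=LIVE_READONLY))  # rejected, no call made
    print(apply_budget_change(req, client, mode=LIVE_WRITE))     # mutated
    print(apply_budget_change(req, client, mode=LIVE_WRITE))     # replayed, still one call
    print(len(client.mutations))                                 # 1
```

In a FastAPI handler the rejected and dry-run branches would map to an HTTP response rather than a dict, but the shape to preserve is the same: the gate runs to completion before the client object is touched, and the only path that calls the client is the one where `decision.mutate` is true. A test that asserts `client.mutations` is empty after a readonly rejection is the kind of evidence a PR touching these gates should include.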
Dependencies should be minimal. New dependencies must have a clear reason and should be compatible with server-side FastAPI usage. CI runs tests and security checks on pull requests.