This repository follows a Zero-Trust security model. We prioritize the integrity of the infrastructure and the protection of sensitive architectural data.
We only provide security updates for the current major version.

| Version | Supported |
|---|---|
| v1.x | ✅ |
| < v1.0 | ❌ |
If you discover a security vulnerability, please do NOT open a public issue. We take security seriously and prefer a coordinated disclosure.
Please report vulnerabilities directly to the maintainer:
- Contact: @wistant
- Encryption: If possible, encrypt your report using a secure channel.
Every interaction with the codebase (commits, refactors, releases) triggers a scan for:
- Exposed secrets (tokens, API keys, private keys).
- Context leaks (internal paths, IPs, machine names).
- Insecure API logic or missing sanitization.
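A minimal form of the secret and context-leak scan described above, as an added example (not the repository's own tooling): the rule patterns, the `# scan:ignore` allowlist marker and the sample staged lines are assumptions, and findings report only the rule that fired, never the matched value.

```python
import re
from typing import Dict, List, Tuple

# Rule sets for the two scan categories named in the policy. The patterns,
# the "# scan:ignore" allowlist marker and the sample diff are assumptions
# made for this example, not the repository's own ruleset.
RULES: Dict[str, Dict[str, re.Pattern]] = {
    "exposed_secret": {
        "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
        "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    },
    "context_leak": {
        "rfc1918_ipv4": re.compile(
            r"\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}"
            r"|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3})\b"),
        "home_directory": re.compile(r"/(?:home|Users)/[A-Za-z0-9._-]+/"),
        "internal_hostname": re.compile(r"(?i)\b[a-z0-9-]+\.(?:internal|corp|lan|local)\b"),
    },
}
IGNORE_MARKER = "# scan:ignore"

def scan_lines(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line number, category, rule) per hit. The matched text is
    deliberately not returned, so the scan log cannot leak the secret."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        if IGNORE_MARKER in line:
            continue  # explicitly allowlisted by the author
        for category, rules in RULES.items():
            for name, pattern in rules.items():
                if pattern.search(line):
                    findings.append((lineno, category, name))
    return findings

def release_allowed(findings: List[Tuple[int, str, str]]) -> bool:
    """Any exposed secret or context leak suspends the commit/release."""
    return not findings

# Constructed sample of staged content; the AWS key is AWS's documented
# example value, not a live credential.
SAMPLE_DIFF = [
    'export const endpoint = "https://api.example.com/v1";',
    "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
    'db_host = "10.0.12.7"',
    'cache_dir = "/home/alice/.cache/build"',
    'runner = "build-runner-03.corp"  # scan:ignore',
]
```

Running `scan_lines(SAMPLE_DIFF)` flags lines 2, 3 and 4 and `release_allowed` returns False; the allowlisted line 5 is skipped.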
We use strictly audited dependencies.
- All packages are scanned via `pnpm audit`.
- Critical CVEs in core libraries result in an immediate suspension of the release flow until resolved.
Sensitive configuration files and release manifests are strictly isolated from the standard development cycle to prevent accidental leakage.
Architectural Integrity • Security First • @wistant dotfiles baseline