If you discover a security vulnerability, please report it responsibly:
- Do NOT open a public GitHub issue
- Email: adam@arpe.engineering
- Include: description, steps to reproduce, potential impact
We will respond within 48 hours and work on a fix.
- All secrets loaded from environment variables (
.envgitignored) - No API keys, tokens, IP addresses, or passwords in source code
- Security quality gate scans for:
eval(), hardcoded keys, private keys, IP addresses, hardcoded passwords - Public repo — assume everything in source is visible
| Version | Supported |
|---|---|
| 0.x.x | Yes |