- Remove all .github references (removed in 6c644dd but docs still referenced)
- Rewrite review-pr skill to use Gitea API instead of gh CLI
- Add gitea-pr.sh helper for Gitea API calls (view/diff/files/comments)
- Update project structure tree: add scripts/, .woodpecker.yml, ci-cd.md,
status-update-checklist.md, commit-docs-reminder.sh, RESEARCH-SDD-TOOLS.md
- Fix skills count 14 → 15 (add create-skill to DOCS.md)
- Remove .github references from CONTRIBUTING.md, SECURITY.md, init-project
- Add GITEA_TOKEN to .env.example
- Update CI/CD placeholder in RECOMMENDATIONS.md to Woodpecker
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
36 lines
988 B
Markdown
# Security Policy
## Reporting a Vulnerability
If you discover a security vulnerability in this project, please report it responsibly.
**Do not open a public issue.** Instead:
1. Email: **[your-security-email@example.com]** (replace with your contact)
### What to include
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
### Response timeline
- **Acknowledgment:** within 48 hours
- **Assessment:** within 7 days
- **Fix or mitigation:** depends on severity
## Security Practices
This project follows security best practices documented in:
- `docs/backend/security.md` — authentication, authorization, audit logging
- `docs/llm/safety.md` — LLM safety, prompt injection defense, privacy
- `RULES.md` — repository-wide security constraints
- `agents/security-auditor.md` — security review agent profile
## Scope
This policy applies to the codebase in this repository. Third-party dependencies are managed separately.