We take security vulnerabilities in git-adr seriously. If you discover a security issue, please report it responsibly.

1. Do NOT create a public GitHub issue for security vulnerabilities
2. Email the maintainers directly at: security@example.com (or use GitHub Security Advisories)
3. Include:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Any suggested fixes (optional)

• Acknowledgment: Within 48 hours
• Initial Assessment: Within 1 week
• Fix Timeline: Depends on severity (critical: days, high: 1-2 weeks, medium/low: next release)

We follow coordinated disclosure:

• We will work with you to understand and address the issue
• We will credit researchers who report valid vulnerabilities (unless you prefer anonymity)
• We request a 90-day disclosure window for fixes

git-adr is designed as a local git tool that:

• Runs with user-level filesystem permissions
• Delegates authentication to git/gh CLI tools
• Stores data in git notes (public metadata, not encrypted)
• Does not run as a network service

1. No encryption at rest: ADRs are stored in git notes without encryption
2. AI content exposure: Content sent to configured LLM providers
3. Wiki sync: Uses git credentials; ensure proper access controls
4. Read operations: Import/attach allow reading from any user-accessible path

The following security rules are intentionally suppressed with justification:

• Dependencies are version-ranged (>=) to receive security patches
• pip-audit is included in dev dependencies for vulnerability scanning
• Run uv run pip-audit to check for known CVEs

When contributing:

• Never use shell=True in subprocess calls
• Always validate output paths against cwd for write operations
• Escape user content in HTML/template outputs
• Use frontmatter/yaml.safe_load for YAML parsing
• Document any security-relevant exceptions in code comments

We thank the security researchers who have helped improve git-adr:

• (Your name could be here)