docs: add PR template and security policy

- Add .github/PULL_REQUEST_TEMPLATE.md with checklist for contributors
- Add SECURITY.md with vulnerability reporting instructions
This commit is contained in:
Nicolas Varrot
2026-02-11 21:35:29 +00:00
parent fd66fed96f
commit d02009475b
2 changed files with 52 additions and 0 deletions

27
SECURITY.md Normal file
View File

@@ -0,0 +1,27 @@
# Security Policy
## Supported Versions
| Version | Supported |
|---------|-----------|
| Latest | ✅ |
## Architecture
PinchChat is a **static frontend** — it runs entirely in the browser. There is no server-side component.
- Gateway credentials are entered at runtime and stored in `localStorage`
- No secrets are baked into the build
- All communication happens over WebSocket to your own OpenClaw gateway
## Reporting a Vulnerability
If you discover a security issue, please **do not** open a public issue.
Instead, email **contact@nicolasvarrot.fr** with:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
You'll receive a response within 48 hours. Valid reports will be credited in the fix commit.