- Add .github/PULL_REQUEST_TEMPLATE.md with checklist for contributors - Add SECURITY.md with vulnerability reporting instructions
752 B
752 B
Security Policy
Supported Versions
| Version | Supported |
|---|---|
| Latest | ✅ |
Architecture
PinchChat is a static frontend — it runs entirely in the browser. There is no server-side component.
- Gateway credentials are entered at runtime and stored in
localStorage - No secrets are baked into the build
- All communication happens over WebSocket to your own OpenClaw gateway
Reporting a Vulnerability
If you discover a security issue, please do not open a public issue.
Instead, email contact@nicolasvarrot.fr with:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
You'll receive a response within 48 hours. Valid reports will be credited in the fix commit.