Files
PinchChat/SECURITY.md
Nicolas Varrot d02009475b docs: add PR template and security policy
- Add .github/PULL_REQUEST_TEMPLATE.md with checklist for contributors
- Add SECURITY.md with vulnerability reporting instructions
2026-02-11 21:35:29 +00:00

28 lines
752 B
Markdown

# Security Policy
## Supported Versions
| Version | Supported |
|---------|-----------|
| Latest | ✅ |
## Architecture
PinchChat is a **static frontend** — it runs entirely in the browser. There is no server-side component.
- Gateway credentials are entered at runtime and stored in `localStorage`
- No secrets are baked into the build
- All communication happens over WebSocket to your own OpenClaw gateway
## Reporting a Vulnerability
If you discover a security issue, please **do not** open a public issue.
Instead, email **contact@nicolasvarrot.fr** with:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
You'll receive a response within 48 hours. Valid reports will be credited in the fix commit.