- Add .github/PULL_REQUEST_TEMPLATE.md with checklist for contributors - Add SECURITY.md with vulnerability reporting instructions
28 lines
752 B
Markdown
28 lines
752 B
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
| Version | Supported |
|
|
|---------|-----------|
|
|
| Latest | ✅ |
|
|
|
|
## Architecture
|
|
|
|
PinchChat is a **static frontend** — it runs entirely in the browser. There is no server-side component.
|
|
|
|
- Gateway credentials are entered at runtime and stored in `localStorage`
|
|
- No secrets are baked into the build
|
|
- All communication happens over WebSocket to your own OpenClaw gateway
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
If you discover a security issue, please **do not** open a public issue.
|
|
|
|
Instead, email **contact@nicolasvarrot.fr** with:
|
|
|
|
- A description of the vulnerability
|
|
- Steps to reproduce
|
|
- Potential impact
|
|
|
|
You'll receive a response within 48 hours. Valid reports will be credited in the fix commit.
|