impforge-cli, impforge-aiimp-updater, every crate under crates/, and
all bundled templates / skills / MCP manifests / compliance rules.
impforge-cliimports no proprietary ImpForge engine code. Every line in this repository is MIT-licensed and auditable.- The Pro version (
impforge-aiimp) is distributed only as a Tauri binary via https://impforge.com. It does not share crates or build artefacts with this repository. - Migration from CLI to Pro happens through an Ed25519-signed JSON bundle validated by the Pro app's Quarantine Layer. There is no network handshake between the CLI and Pro app.
We ship security fixes for the latest two minor releases on main.
Please email security@impforge.com with:
- A reproduction of the issue (steps, exploit, or PoC).
- The affected version (
impforge-cli --version). - Your preferred disclosure timeline.
We aim to acknowledge within 24 h and ship a fix within 7 days for high-severity issues, 30 days for medium, 90 days for low.
cargo auditruns on every PR via CI.cargo clippy --all-targets -- -D warningsblocks merges.- Every
#[tauri::command]-style entry point runs through theimpforge_emergence::Orchestrator's capability discovery and is subject to the runtime's health / self-heal loop. - No
unwrap()in production Rust code. Tests useexpect("why")with a human-readable reason. - Template scaffolding refuses absolute paths and
..directory-escape sequences. - Metadata entering any LLM prompt is wrapped as
TreatAsDatawith unicode-directional-character stripping (OWASP LLM01:2025).
- Vulnerabilities in third-party MCP servers we reference. Report those upstream. Our manifests point at upstream repositories.
- Vulnerabilities in the user's local Ollama / llama.cpp / HuggingFace installations.
- Issues with the commercial
impforge-aiimpapp — report those via https://impforge.com/support.
impforge-aiimp-updaterpins an Ed25519 public key incrates/impforge-aiimp-updater/src/pubkey.rs. Rotations are announced inCHANGELOG.mdand published on https://impforge.com/security.