Please do not report security vulnerabilities through public GitHub issues.
If you have discovered a security vulnerability in x-cli, please send an email to security@example.com (placeholder).
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |
x-cli attempts to use the OS keychain (Keychain on macOS, Secret Service API on Linux, Credential Manager on Windows) to store OAuth tokens. If these are unavailable, tokens are stored in ~/.x-cli/sessions/ encrypted with a local key derived from a machine identifier or user password (implementation dependent).