| Version | Supported |
|---|---|
| 1.x.x | ✅ |
If you discover a security vulnerability in Usage Console, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, please send an email to the maintainers with:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggested fixes (optional)
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Updates: We will provide updates on the status of your report
- Resolution: We aim to resolve critical vulnerabilities within 7 days
- Credit: We will credit you in the release notes (unless you prefer to remain anonymous)
When using Usage Console:
- Keep the application updated to the latest version
- Do not share your API tokens or credentials
- The app stores tokens locally and never transmits them to third parties
- Review the permissions requested by the app
Usage Console reads API tokens from:
- Claude: macOS Keychain or
~/.claude/.credentials.json - Codex:
~/.codex/auth.json - Cursor: User-configured in the app settings
These tokens are only used to query usage APIs and are never stored or transmitted elsewhere.