Security: Jordan-type/hack-sight-ai

SECURITY.md

Security Policy

Reporting a Vulnerability

At HackSight, we take security very seriously.

If you discover a vulnerability in this project:

  • Please do not open a public GitHub issue.
  • Instead, responsibly disclose the vulnerability to our team by emailing:
    📧 security@hacksight.dev (example — replace with your real contact email).

We will investigate promptly and work to fix any security issues as quickly as possible.


Best Practices

To maintain the security and integrity of HackSight:

  • 🔒 Secrets must not be committed to Git history.
    Values such as API keys, private keys, or credentials must be stored as environment variables in a .env file, and that file must be ignored via .gitignore.

  • 🚀 Rotate secrets if they are accidentally exposed.

  • 🔥 Use environment variable examples.
    Provide a packages/agents/onchain/.env.example file so developers know which variables are expected.

  • 🛡 Audit dependencies regularly to ensure no vulnerabilities are introduced via third-party libraries.


Current Secure Development Practices

  • Secret scanning enabled via GitHub.
  • API keys rotated after leak detection.
  • .env files properly git-ignored.
  • Ongoing dependency monitoring via GitHub Dependabot.

Thank you for helping us keep HackSight secure! 🤝

There aren’t any published security advisories