Security fixes are currently applied to the latest published version of Vibe Driven Dev.
Please do not open a public GitHub issue for security vulnerabilities.
Instead, report the issue privately to the project maintainer with:
- a clear description of the problem
- affected files or commands
- reproduction steps
- impact assessment if known

If a fix is confirmed, the preferred path is:
- validate the report privately
- prepare the smallest safe fix
- add tests or guards where possible
- publish the fix and disclosure notes once users can update safely

Vibe Driven Dev is designed around:
- minimal writes outside the intended project scope
- explicit trust tiers for imported sources
- validation before promotion of external packs
- deterministic handoff artifacts over hidden side effects