| Version | Supported |
|---|---|
| 0.x | Yes |
Please do not report security vulnerabilities through public GitHub issues.
To report a security vulnerability:
- Email:
anir.dev.corp@gmail.com - Or use GitHub Private Security Advisories
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will respond within 48 hours and aim to release a fix within 7 days for critical issues.
- git-smart-flow runs locally and never automatically sends data to remote services
- AI providers are opt-in and configurable
- Raw diffs are not sent to AI by default (
allowRawDiff: false) - The security scanner blocks commits containing detected secrets
- No credentials are stored in plaintext in the source code
See docs/security.md for full details.