Security: binnacle-app/Binnacle

SECURITY.md

Security Policy

Binnacle is a local-first desktop app for Cloudflare D1, R2, and KV. If you discover a security issue, report it privately first. Do not open a public issue with exploit details, tokens, screenshots containing secrets, or reproduction steps that expose live credentials.

Reporting A Vulnerability

  • Email: security@minionsx.ai
  • Include the affected commit, platform, and a clear reproduction path.
  • State whether the issue requires a real Cloudflare account, a specific token scope, or a local keychain/Secret Service setup.
  • If you already have a fix or mitigation, include it.

We will try to acknowledge valid reports within 5 business days.

Secrets And Credentials

  • Never post Cloudflare API tokens, R2 API tokens, access keys, secret keys, session tokens, or exported local config/state files in public issues or pull requests.
  • Binnacle is designed so account metadata stays on disk while API tokens stay in the operating system keychain.
  • On macOS this means Keychain. On Linux this means a Secret Service backend such as GNOME Keyring or KWallet.
  • If you believe a token was exposed, revoke or rotate it in Cloudflare first, then report the issue.

Scope And Permission Issues

When reporting auth-related issues, distinguish between product bugs and token-scope problems where possible:

  • The User -> User Details -> Read permission is optional and is used only for profile metadata.
  • D1, R2, and KV flows may fail if the token does not have the corresponding account permissions.
  • Reporting a scope mismatch should not require publishing the token value itself; describe the token type and the permissions granted to it instead.

Safe Reproduction Guidance

  • Prefer fresh test credentials with the narrowest possible Cloudflare scopes.
  • Redact account IDs, bucket names, namespace IDs, object keys, and SQL result data when they are not necessary to explain the issue.
  • Do not attach keychain exports, shell history with live secrets, or screenshots that reveal tokens.

Out Of Scope

The following are generally not treated as security vulnerabilities by themselves:

  • Missing product features or unsupported workflows
  • Rate limits or availability problems in Cloudflare services
  • Requests to broaden default token scopes beyond the current local-first design

There aren’t any published security advisories