Arise is pre-release software. It runs local commands, manages Git worktrees, and stores planning and execution artifacts on disk. Treat it as a developer tool for trusted local repositories until the project publishes a broader security model.

Security fixes are handled on the default development branch until the project has tagged public releases. There is no separate long-term support branch yet.

Do not open a public issue for a vulnerability.

After the public repository is finalized, use GitHub private vulnerability reporting for that repository. Before that is enabled, report issues through the private maintainer channel that gave you repository access.

Include:

• affected command or workflow
• operating system and Rust toolchain
• Arise commit SHA
• reproduction steps with the smallest safe example
• whether .arise/ artifacts, provider logs, prompts, environment variables, or local paths were exposed
• any suspected secret, token, private key, or credential exposure

Do not send real secrets, private keys, or full provider transcripts unless a maintainer explicitly asks for a redacted artifact bundle.

Please report:

• command injection or unintended shell execution
• sandbox, approval, or --yolo policy bypasses
• unsafe handling of Git worktrees, patches, or checkpoint replay
• path traversal or writes outside the intended repository/worktree boundary
• accidental persistence of secrets or environment values in .arise/
• disclosure of private prompts, provider output, local absolute paths, or repository state
• dependency vulnerabilities that are reachable through supported commands

Generally out of scope:

• model quality issues without a security impact
• expected local command execution inside a trusted checkout
• failures caused by intentionally running with --yolo
• denial-of-service from very large local inputs unless it corrupts state or bypasses policy

Maintainers should acknowledge reports within three business days, triage severity, and avoid public disclosure until a fix or mitigation is available. If a report involves leaked credentials or private artifacts, rotate the credential and decide whether history rewriting is needed before public publication.

Security fixes should include regression coverage when practical. For artifact exposure issues, tests should verify both SQLite/NDJSON state and file artifacts when both surfaces can carry the sensitive data.

Generated runtime state under .arise/ can include prompts, provider output, command logs, local file paths, run databases, event streams, and recovery bundles. .arise/ is ignored by Git, but users should still review artifacts before sharing them in an issue, PR, chat, or support request.

Before the first public push, maintainers should enable GitHub private vulnerability reporting or replace this section with the final public security contact.