Security fixes are prepared against the current main branch and included in the next package release.

Report suspected vulnerabilities privately through GitHub security advisories or private vulnerability reporting for this repository. Do not open a public issue for exploitable behavior, dependency vulnerabilities with an available proof of concept, credential exposure, or a bypass of the read-only MCP/query contract.

Include:

• affected version or commit
• reproduction steps
• expected impact
• relevant logs or proof of concept
• whether the report can be disclosed publicly after a fix is available

Maintainers should acknowledge reports within 7 days, triage severity, and coordinate disclosure timing with the reporter.

The production security boundary is local-first:

• The stdio MCP transport is intended for local MCP clients.
• The HTTP MCP transport binds to localhost by default.
• --allow-remote requires a bearer token. It does not add TLS, rate limiting, authorization scopes, or a multi-user session model.
• HTTP tool calls require an initialized Mcp-Session-Id; one client's initialize request must not unlock tools for another client.
• graph_query is intended to remain read-only. Do not relax query restrictions without a parser-level read-only proof or an explicit safe-procedure allowlist.

Dependency vulnerability scanning runs in hosted CI and release workflows. Local setup commands must not call external advisory services implicitly.