Do not open a public GitHub issue for security vulnerabilities.
Report security issues through one of the following private channels:
- Email: security@mrdemonwolf.com
- GitHub private advisory: Use the "Report a vulnerability" button under the Security tab of this repository.
Include as much detail as possible: a description of the issue, steps to reproduce, potential impact, and any suggested mitigations.
We will acknowledge receipt of your report within 72 hours and aim to provide a resolution timeline within 14 days. We ask that you allow up to 90 days for a fix to be developed and released before any public disclosure. We will coordinate the public disclosure date with you.
We appreciate responsible disclosure and will credit reporters in release notes unless you prefer to remain anonymous.
This policy covers the WolfWave native macOS application and its associated services. For general API key and configuration guidance, see apps/native/WolfWave/SECURITY.md in the repository.