| Version | Supported |
|---|---|
| 0.5.x | Yes (Current) |
| 0.4.x | Security fixes only |
| < 0.4 | No |
Do NOT file public GitHub issues for security vulnerabilities.
- Email: security@intentsolutions.io
- Expected response: 48 hours acknowledgment, 7 days initial assessment
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (optional)
Security reports are accepted for:
- CLI tool (
gwi) - Cloud Run services (API, Gateway, Webhook, Worker)
- SDK and packages
- Infrastructure configurations
- GitHub Actions workflows
We will not pursue legal action against security researchers who:
- Act in good faith
- Avoid privacy violations and data destruction
- Give us reasonable time to respond before disclosure
- Threat model:
000-docs/110-DR-TMOD-security-threat-model.md - Security policy:
000-docs/004-BL-POLI-security-policy.md