
Security: marco-spagn/pcmi


SECURITY.md

PCMI Security Policy

PCMI stores agent memory at rest and exposes it via HTTP + gRPC. A compromise of any production deployment can leak tenant memories, API keys, or distilled knowledge — so security reports are taken seriously and handled out-of-band.

Reporting a vulnerability

Please do NOT open a public GitHub issue for security bugs.

Use this private channel:

GitHub Private Vulnerability Reporting: https://github.com/marco-spagn/pcmi/security/advisories/new

Include in your report, when possible:

  • the PCMI version (the version field of /v1/health, or internal/version/version.go:Tag)
  • the deployment topology (Docker compose, Helm, bare metal, ...)
  • a minimal proof-of-concept or repro steps
  • any mitigations you have already applied locally

Triage & disclosure

| Step                                 | Target SLA                                  |
|--------------------------------------|---------------------------------------------|
| Acknowledgement of receipt           | 2 business days                             |
| Initial assessment (severity, scope) | 5 business days                             |
| Coordinated fix on a private branch  | 30 days (CVSS ≥ 7) / 60 days (CVSS < 7)     |
| Public advisory + patched release    | Same day as the fix lands on main           |

If a reproducible exploit is already public, we accelerate the patch release and skip the embargo window.

Scope

In scope (we welcome reports):

  • PCMI API (Fiber HTTP, gRPC MemoryService) — RCE, SSRF, IDOR, tenant isolation bypass, RLS bypass, RBAC bypass, rate-limit bypass.
  • Worker (distillation, embedding, prune, expiry) — secret exfiltration, LLM prompt-injection that escalates beyond a single tenant, replay or amplification against OpenAI / external services.
  • SDKs (sdk/python, sdk/typescript) — signature verification gaps in webhook helpers, TLS bypasses, secret logging.
  • Build / supply chain — typosquats, malicious deps, lockfile tampering.

Existing security signals in CI

PCMI runs three complementary scanners on every push to main and on every PR:

| Scanner     | What it checks                                                                         | Workflow                                         |
|-------------|----------------------------------------------------------------------------------------|--------------------------------------------------|
| govulncheck | Go module CVEs against the symbol graph                                                | .github/workflows/ci.yml, security job           |
| Trivy       | Container image OS/library vulns (pcmi-api, pcmi-worker)                               | .github/workflows/ci.yml, trivy-images job       |
| CodeQL      | SAST over Go, Python, JavaScript/TypeScript with the security-and-quality query pack   | .github/workflows/codeql.yml                     |

Findings land in the repository's Security → Code scanning alerts and Security → Dependabot alerts tabs. Maintainers triage on a weekly cadence.
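The three scanners above, written out as one illustrative GitHub Actions workflow so the wiring is visible end to end. This is an added example, not the repository's own ci.yml or codeql.yml: the job names, action versions, Dockerfile names, image tags and SARIF file paths are assumptions, and the SARIF uploads are what make Trivy findings appear under Code scanning alerts alongside CodeQL's.

```yaml
# Added example: a GitHub Actions workflow running the three scanners the
# policy describes. Not PCMI's own ci.yml/codeql.yml; action versions, job
# names, Dockerfile names, image tags and output paths are assumptions.
name: security-scans

on:
  push:
    branches: [main]
  pull_request:

permissions:
  contents: read
  security-events: write   # required to upload SARIF into Code scanning alerts

jobs:
  # govulncheck reports only CVEs whose vulnerable symbols are reachable from
  # this module's call graph, so it is far quieter than a plain dependency audit.
  govulncheck:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: golang/govulncheck-action@v1
        with:
          go-version-file: go.mod
          go-package: ./...

  # Trivy scans the built images rather than the Dockerfiles, so OS packages
  # and vendored libraries in the final layer are covered.
  trivy-images:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        image: [pcmi-api, pcmi-worker]
    steps:
      - uses: actions/checkout@v4
      - name: Build ${{ matrix.image }}
        # Dockerfile naming is assumed for this example
        run: docker build -t ${{ matrix.image }}:ci -f Dockerfile.${{ matrix.image }} .
      - uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: ${{ matrix.image }}:ci
          format: sarif
          output: trivy-${{ matrix.image }}.sarif
          severity: CRITICAL,HIGH
          ignore-unfixed: true          # skip findings with no fixed version yet
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-${{ matrix.image }}.sarif
          category: trivy-${{ matrix.image }}   # keeps per-image alerts separate

  # CodeQL: one analysis per language with the security-and-quality pack.
  codeql:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        language: [go, python, javascript-typescript]
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          queries: security-and-quality
      - uses: github/codeql-action/autobuild@v3
      - uses: github/codeql-action/analyze@v3
        with:
          category: codeql-${{ matrix.language }}
```

Dependabot alerts are not produced by any of these jobs; they come from GitHub's dependency graph over go.mod and the SDK lockfiles, which is why lockfile tampering (in scope above) shows up there rather than under Code scanning.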

There aren't any published security advisories