Please report security issues privately — open a GitHub Security Advisory on this repository, or email the maintainer. Please do not open a public issue for anything exploitable. We aim to acknowledge reports within a few days.
- All credentials (
ANTHROPIC_API_KEY,VERCEL_TOKEN,TELEGRAM_BOT_TOKEN, webhook URLs) live only in.env, which is gitignored. Never commit real secrets.chmod 600 .envon shared machines. config.jsonis committable and must contain no secrets — only feeds, layout, and non-secret identifiers. If you'd rather not publish your Telegramchat_idor Vercelteam_id, keep them out ofconfig.jsonand use the environment instead (NOTIFY_TELEGRAM_CHAT_ID).- Scope your Vercel token to the single project/team it needs and rotate it periodically. Treat the Telegram bot token the same way.
- Hotline allowlist. If you run
hotline.py, sethotline.allowto the specific chat ids / handles permitted to talk to the bot. An empty allowlist means it replies to anyone who messages it. - Public page. The published brief is world-readable at its URL. Don't put anything private in it. A hard-to-guess Vercel project name keeps it effectively unlisted, but that is obscurity, not authentication.
- CI. Store secrets as GitHub Actions secrets (masked in logs). The provided
workflow uses least-privilege permissions and no
pull_requesttrigger, so forked PRs cannot read your secrets. For extra assurance, pin actions to commit SHAs instead of tags. - Third-party requests. The page loads web fonts from Google Fonts, so readers' browsers contact Google. Self-host the fonts (or rely on the built-in system-serif fallback) if you want zero third-party requests.
Feeds, the Wordle source, and the LLM's output are all treated as untrusted:
feed text is HTML-escaped, links are restricted to http(s), the LLM is given no
tools and never supplies URLs, and the Wordle answer is validated before use.
See docs/architecture.md for the full trust-boundary
table.