Skip to content

Security: tejas1364/Tomo-News

Security

SECURITY.md

Security

Reporting a vulnerability

Please report security issues privately — open a GitHub Security Advisory on this repository, or email the maintainer. Please do not open a public issue for anything exploitable. We aim to acknowledge reports within a few days.

Secrets

  • All credentials (ANTHROPIC_API_KEY, VERCEL_TOKEN, TELEGRAM_BOT_TOKEN, webhook URLs) live only in .env, which is gitignored. Never commit real secrets. chmod 600 .env on shared machines.
  • config.json is committable and must contain no secrets — only feeds, layout, and non-secret identifiers. If you'd rather not publish your Telegram chat_id or Vercel team_id, keep them out of config.json and use the environment instead (NOTIFY_TELEGRAM_CHAT_ID).
  • Scope your Vercel token to the single project/team it needs and rotate it periodically. Treat the Telegram bot token the same way.

Hardening notes

  • Hotline allowlist. If you run hotline.py, set hotline.allow to the specific chat ids / handles permitted to talk to the bot. An empty allowlist means it replies to anyone who messages it.
  • Public page. The published brief is world-readable at its URL. Don't put anything private in it. A hard-to-guess Vercel project name keeps it effectively unlisted, but that is obscurity, not authentication.
  • CI. Store secrets as GitHub Actions secrets (masked in logs). The provided workflow uses least-privilege permissions and no pull_request trigger, so forked PRs cannot read your secrets. For extra assurance, pin actions to commit SHAs instead of tags.
  • Third-party requests. The page loads web fonts from Google Fonts, so readers' browsers contact Google. Self-host the fonts (or rely on the built-in system-serif fallback) if you want zero third-party requests.

Trust model

Feeds, the Wordle source, and the LLM's output are all treated as untrusted: feed text is HTML-escaped, links are restricted to http(s), the LLM is given no tools and never supplies URLs, and the Wordle answer is validated before use. See docs/architecture.md for the full trust-boundary table.

There aren't any published security advisories