Apply updated Codex repository kit

2026-05-03 22:22:57 +02:00
parent b2e09396ba
commit c02413813b
10 changed files with 335 additions and 1 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,22 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+| --- | --- |
+| Latest `main` | Yes |
+
+## Reporting A Vulnerability
+
+Report security issues privately to the project owner.
+
+Do not include secrets, production data, private repository URLs, or credentials in public issues.
+
+## Project Security Principles
+
+- Keep secrets out of the repository.
+- Prefer local processing for user data.
+- Document external network calls.
+- Keep release artifacts reproducible through CI.
+- Run dependency and workflow checks before releases.
+- Connected Library v1 must use public HTTPS manifest and `.mrpack` URLs only.