If you discover a security vulnerability in Felix, please report it responsibly.
Use a private channel with the maintainer rather than opening a public issue for sensitive reports.
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
We aim to acknowledge critical reports within 48 hours.
| Version | Supported |
|---|---|
| Latest private alpha | Yes |
Felix follows coordinated disclosure. Please give maintainers reasonable time to address the issue before public disclosure.
Felix may eventually scaffold or repair other agent repos. Treat generated commands, repo paths, install hooks, and CI files as sensitive behavior surfaces. Felix should never write secrets into Git, Scridos, logs, or chat.