
Security: mrithwik/digital-twin

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in this project, please do not open a public GitHub Issue.

Instead, report it privately by:

Please include:

  • A description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Any suggested remediation (optional but appreciated)

You can expect an acknowledgement within 72 hours and a resolution or update within 14 days for valid reports.

Security Design Notes

This project follows several security best practices:

Authentication

  • GitHub Actions uses OIDC to authenticate with AWS — no long-lived access keys are stored anywhere.

Secrets Management

  • All sensitive values (AWS Role ARN, Account ID, Region) are stored as GitHub repository secrets, not in source code.
  • The .gitignore is configured to prevent committing .env files, Terraform state files, and AWS credentials.

IAM Least Privilege

  • The GitHub Actions IAM role is scoped to only the AWS services required for deployment.
  • Lambda execution role grants only the permissions needed (Bedrock, S3, CloudWatch Logs).
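The OIDC trust relationship and the least-privilege roles described above, as an added Terraform example (not the project's own code). The repository name comes from this page; the deploy branch, resource names, Lambda function name, and the Bedrock model, bucket, region and CA-thumbprint placeholders are assumptions. The two `condition` blocks on the trust policy are the part that matters: without the `sub` condition, a workflow in any GitHub repository could assume the role.

```hcl
# Added example, not the project's own Terraform. Resource names, the deploy
# branch and the <...> placeholders are assumptions; the repo name is from the page.

variable "github_repository" {
  type    = string
  default = "mrithwik/digital-twin"
}

variable "deploy_branch" {
  type    = string
  default = "main" # assumed
}

data "aws_caller_identity" "current" {}

resource "aws_iam_openid_connect_provider" "github" {
  url            = "https://token.actions.githubusercontent.com"
  client_id_list = ["sts.amazonaws.com"]
  # Take the current CA thumbprint from the AWS/GitHub docs; placeholder here.
  thumbprint_list = ["<github-oidc-ca-thumbprint>"]
}

# Trust policy for the deploy role: who may call AssumeRoleWithWebIdentity.
data "aws_iam_policy_document" "github_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }

    # Audience: the token must have been minted for STS, not another consumer.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }

    # Subject: pins the role to this repo and branch.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:${var.github_repository}:ref:refs/heads/${var.deploy_branch}"]
    }
  }
}

resource "aws_iam_role" "github_deploy" {
  name               = "digital-twin-github-deploy"
  assume_role_policy = data.aws_iam_policy_document.github_trust.json
}

# Lambda execution role: only Bedrock, the memory bucket and its own log group.
resource "aws_iam_role" "lambda_exec" {
  name = "digital-twin-lambda-exec"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "lambda.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

data "aws_iam_policy_document" "lambda_exec" {
  statement {
    sid       = "InvokeModel"
    actions   = ["bedrock:InvokeModel"]
    resources = ["<bedrock-model-arn>"] # placeholder: the one model in use
  }

  statement {
    sid       = "SessionMemory"
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["arn:aws:s3:::<memory-bucket-name>/*"]
  }

  statement {
    sid     = "Logs"
    actions = ["logs:CreateLogStream", "logs:PutLogEvents"]
    resources = [
      "arn:aws:logs:<aws-region>:${data.aws_caller_identity.current.account_id}:log-group:/aws/lambda/digital-twin:*"
    ]
  }
}

resource "aws_iam_role_policy" "lambda_exec" {
  role   = aws_iam_role.lambda_exec.id
  policy = data.aws_iam_policy_document.lambda_exec.json
}
```

The `sub` claim shape depends on the triggering event: `repo:OWNER/REPO:ref:refs/heads/BRANCH` for a push, `repo:OWNER/REPO:pull_request` for pull requests, and `repo:OWNER/REPO:environment:NAME` when the job targets a deployment environment, so the condition must match the event the deploy workflow actually uses. The workflow itself needs `permissions: id-token: write` to request the token; a quick check that the trust policy is doing its job is running `aws sts get-caller-identity` in the workflow and confirming the assumed-role ARN, then confirming the same job fails when run from a branch not named in the condition.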

Data

  • Conversation memory is stored in a private S3 bucket with all public access blocked.
  • Terraform state is encrypted at rest (AES-256) and protected by DynamoDB locking.

Network

  • All traffic is served over HTTPS via CloudFront with TLS 1.2 minimum.
  • API Gateway has rate limiting configured to reduce abuse exposure.

Known Limitations

  • The memory S3 bucket stores conversations keyed by session ID. There is no user authentication — anyone with a valid session ID can retrieve that session's history. This is intentional for simplicity and acceptable for a personal digital twin, but should be hardened before use in a multi-user production context.
  • API throttling is set conservatively. Adjust api_throttle_burst_limit and api_throttle_rate_limit in terraform.tfvars based on your expected usage to balance availability and cost control.
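The Data and Network controls above and the throttle variables named in the Known Limitations, as an added Terraform example (not the project's own code). The state bucket, lock table and region are placeholders; the choice of an HTTP API (API Gateway v2), the resource names and the default limits are assumptions. `api_throttle_burst_limit` and `api_throttle_rate_limit` are the variable names this page uses.

```hcl
# Added example, not the project's own Terraform. <...> values are placeholders;
# resource names and the HTTP API choice are assumptions.

terraform {
  backend "s3" {
    bucket         = "<state-bucket-name>"
    key            = "digital-twin/terraform.tfstate"
    region         = "<aws-region>"
    encrypt        = true                # SSE-S3 (AES-256) on the state object
    dynamodb_table = "<lock-table-name>" # table needs a string hash key named LockID
  }
}

variable "memory_bucket_name" {
  type = string
}

variable "api_throttle_burst_limit" {
  type    = number
  default = 5 # assumed conservative default; override in terraform.tfvars
}

variable "api_throttle_rate_limit" {
  type    = number
  default = 2 # requests per second, assumed; override in terraform.tfvars
}

resource "aws_s3_bucket" "memory" {
  bucket = var.memory_bucket_name
}

# All four flags on: public ACLs and public bucket policies are neither
# accepted nor honoured, regardless of what is applied later.
resource "aws_s3_bucket_public_access_block" "memory" {
  bucket                  = aws_s3_bucket.memory.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_server_side_encryption_configuration" "memory" {
  bucket = aws_s3_bucket.memory.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

# Deny any plaintext (non-TLS) access to the memory bucket.
data "aws_iam_policy_document" "memory_tls_only" {
  statement {
    effect    = "Deny"
    actions   = ["s3:*"]
    resources = [aws_s3_bucket.memory.arn, "${aws_s3_bucket.memory.arn}/*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "memory" {
  bucket = aws_s3_bucket.memory.id
  policy = data.aws_iam_policy_document.memory_tls_only.json
}

resource "aws_apigatewayv2_api" "twin" {
  name          = "digital-twin"
  protocol_type = "HTTP"
}

# Stage-level throttling: one bucket shared by every caller of this stage.
resource "aws_apigatewayv2_stage" "default" {
  api_id      = aws_apigatewayv2_api.twin.id
  name        = "$default"
  auto_deploy = true

  default_route_settings {
    throttling_burst_limit = var.api_throttle_burst_limit
    throttling_rate_limit  = var.api_throttle_rate_limit
  }
}
```

Two caveats a reviewer would raise against this configuration. Stage throttling is a single limit shared across all clients, so it caps spend but does not rate-limit one abusive caller relative to others; HTTP APIs have no usage plans, so per-client limits need a REST API with API keys or a WAF rate-based rule in front of CloudFront. And a CloudFront `minimum_protocol_version` of `TLSv1.2_2021` only takes effect when the distribution uses an ACM certificate with `ssl_support_method = "sni-only"`; with the default `*.cloudfront.net` certificate the minimum falls back to TLSv1, so the "TLS 1.2 minimum" claim should be checked against the `viewer_certificate` block in use.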