| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |

We take security seriously. If you discover a security vulnerability in CodeWalk, please report it responsibly.
DO NOT open a public GitHub issue for security vulnerabilities.
Instead, please report security issues by emailing:
Or use GitHub's private vulnerability reporting:
- Go to the Security tab of the repository
- Click "Report a vulnerability"
- Fill out the form with details
- Description: A clear description of the vulnerability
- Impact: What an attacker could accomplish by exploiting it
- Steps to Reproduce: Detailed steps to reproduce the issue
- Affected Versions: Which versions are affected
- Possible Fix: If you have suggestions for how to fix the issue
- Your Contact: How we can reach you for follow-up questions
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Initial Assessment: We will provide an initial assessment within 7 days
- Resolution: We aim to resolve critical vulnerabilities within 30 days
- Disclosure: We will coordinate disclosure timing with you
- Confirmation: We'll confirm we received your report
- Communication: We'll keep you updated on our progress
- Credit: With your permission, we'll credit you in the security advisory
- No Legal Action: We will not pursue legal action against researchers who follow responsible disclosure
CodeWalk connects to OpenCode-compatible servers over HTTP/SSE. Users should:
- Use trusted servers only: The app sends prompts and receives code over the connection
- Prefer HTTPS: When connecting to remote servers, always use HTTPS endpoints
- Avoid public networks: Server credentials transit the connection
- Server URLs and connection settings are stored in SharedPreferences (platform default)
- No API keys or tokens are stored by the app itself (authentication is server-side)
- Session data and chat history remain on the server
For security concerns: security@verseles.com
For general questions: GitHub Discussions
For bug reports: GitHub Issues