* feat: add prek pre-commit hooks and dependabot

  Pre-commit hooks (via prek):
  - Basic hygiene: trailing-whitespace, end-of-file-fixer, check-yaml, check-added-large-files, check-merge-conflict
  - Security: detect-secrets, zizmor (GitHub Actions audit)
  - Linting: shellcheck, actionlint, oxlint, swiftlint
  - Formatting: oxfmt, swiftformat

  Dependabot:
  - npm and GitHub Actions ecosystems
  - Grouped updates (production/development/actions)
  - 7-day cooldown for supply chain protection

  Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* docs: add prek install instruction to AGENTS.md

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

15 lines
415 B
Markdown

# Security Policy

If you believe you’ve found a security issue in Clawdbot, please report it privately.

## Reporting

- Email: `steipete@gmail.com`
- What to include: reproduction steps, impact assessment, and (if possible) a minimal PoC.

## Operational Guidance

For threat model + hardening guidance (including `clawdbot security audit --deep` and `--fix`), see:

- `https://docs.clawd.bot/gateway/security`