| Version | Supported |
|---|---|
| 2.1.x | ✅ Current release |
| < 2.1 | ❌ Not supported |
Stream Coding is a methodology framework (documentation + scripts), not a running service. However, if you discover a security issue in any of the bundled scripts (e.g., verify.py, install.sh), please report it responsibly.
- Do NOT open a public issue for security vulnerabilities
- Email jeremy.garreau@pyl.tech with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
| Action | Timeline |
|---|---|
| Acknowledgment | Within 48 hours |
| Initial assessment | Within 1 week |
| Fix release | Within 2 weeks for critical issues |
The following are in scope:
- Scripts in
.agents/skills/*/scripts/ - The
install.shinstaller - Any file that executes code or modifies the user's system
The following are out of scope:
- Documentation content (Markdown files)
- Templates and examples
- Methodology rules (non-executable)
This project includes a /security-review skill that covers:
- OWASP Top 10 checks
- Secrets detection
- Dependency auditing
- Pre-commit security checklists
We encourage contributors to run /security-review on any code changes.