# Security policy

## Supported surfaces

| Surface | Support |
|---|---|
| https://praxis-stack.pages.dev (Pages + Functions) | Current production |
| Skills package zip + dumb-HTTP git tree | Current package version (see MANIFEST) |
| Local install of megapraxis / metamegapraxis | Best-effort on Claude Code, Codex, Grok Build |

## What this project is (security-relevant)

- **Instruction skills** — the portable plugin is two skills + docs/adapters. No bundled MCP server, hooks, auth connector, or project-file writer in the Codex plugin path.
- **Optional backends** — GraphDoc / Pharosiraptor MCP / CF operant are optional. Tier 0 filesystem-fallback is a designed valid path.
- **Public snapshots** — scrubbed operational state only (no home paths, usernames, or full UUIDs).

## Reporting a vulnerability

Please report security issues **privately** when possible:

1. Prefer a direct message to the project operator for the deployment you are using.
2. If you only have the public site, open a responsible-disclosure write-up without exploit
   payloads and without exfiltrated personal data: describe impact, affected surface, and a
   minimal reproduction.
3. Do **not** open a public issue with working exploit code for live ingestion endpoints.

### Ingest endpoint note

`POST /api/snapshots` is bearer-token gated. Do not attempt to brute-force tokens.
If you find an auth bypass or injection path against the Pages Functions / D1 layer,
report it privately.

## Safe harbor

We will not pursue legal action against researchers who:

- Make a good-faith effort to avoid privacy violations and service disruption
- Do not access data belonging to other users beyond what is needed to demonstrate impact
- Report findings promptly and do not exploit them beyond proof of concept

## Hardening expectations (operators)

- Rotate `PRAXIS_INGEST_TOKEN` if exposed
- Keep Cloudflare account MFA enabled
- Deploy production with `--branch=master`
- Review CSP / headers in `_headers` after any third-party script addition (currently none)

## Residual (honest)

There is no formal bug-bounty program and no guaranteed SLA on private reports. That is a
named residual, not a silent claim of enterprise support.
