If you discover a vulnerability in Neuroglyph, we strongly encourage you to report it privately and responsibly.
Please email:
Include:
- A clear description of the issue
- Steps to reproduce (if applicable)
- Potential impact or scope
We aim to respond to all reports within 72 hours.
We currently support security fixes for the following versions:
| Version | Supported? |
|---|---|
main |
✅ Yes |
dev |
✅ Yes (unstable) |
| < v0.1 | ❌ No |
This security policy applies to:
- The Neuroglyph CLI (
gitmind) - The optional daemon (
glyphd) - The Semlink protocol implementation
- Plugins officially maintained in this repository
It does not apply to third-party tools, forks, or downstream packages.
We believe semantic knowledge should be safe, auditable, and resilient. If Neuroglyph is to become cognitive infrastructure, it must be built on trust.
Thank you for helping us build something worthy of that trust.
— The Neuroglyph Maintainers 🧠