This Security Policy outlines the process for reporting security vulnerabilities in the Anticipator project and defines expectations for responsible disclosure.

Security updates are provided only for the latest stable release.

Users are strongly encouraged to upgrade to the latest version to receive security fixes.

If you believe you have discovered a security vulnerability, please report it privately.

Do NOT create a public GitHub issue.

Submit reports via email:

• mohithkarthikeya28@gmail.com
• rishi.thippan@gmail.com

Please include:

• A detailed description of the vulnerability
• Steps to reproduce the issue
• Affected versions
• Potential impact
• Proof-of-concept code (if applicable)

We will acknowledge receipt of your report within 24 hours.

We request that researchers:

• Do not publicly disclose vulnerabilities before a fix is released.
• Do not exploit vulnerabilities beyond what is necessary for proof-of-concept.
• Allow reasonable time for remediation.

We commit to:

• Investigating all legitimate reports.
• Releasing patches in a timely manner.
• Crediting reporters where appropriate.

This policy applies only to:

• The Anticipator core engine
• Official CLI tools
• Official integrations

This policy does NOT cover:

• Third-party dependencies
• User misconfiguration
• Forked or modified versions

This project is provided "as is" without warranty of any kind, express or implied, including but not limited to fitness for a particular purpose or non-infringement.

The maintainers shall not be liable for any damages arising from the use of this software.

We will not pursue legal action against security researchers who:

• Act in good faith
• Avoid privacy violations
• Avoid service disruption
• Follow this disclosure policy

However, activities that violate applicable laws are not authorized.