Machine Dialect™ is currently in ALPHA stage. Only the latest release receives security updates and support. Older releases are immediately deprecated when a new version is released.

If you discover a security vulnerability in Machine Dialect™, please report it by:

1. DO NOT create a public GitHub issue
2. Create a private security advisory on GitHub

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Initial Response: Within 48 hours
• Status Update: Within 7 days
• Resolution Target: Within 30 days for critical issues

When contributing to Machine Dialect™:

1. Never commit secrets or credentials

   • API keys, passwords, tokens must never be in code
   • Use environment variables for sensitive data

2. Validate all inputs

   • Sanitize user inputs
   • Prevent injection attacks
   • Handle edge cases safely

3. Follow secure coding guidelines

   • Use type hints (Python) and strict typing (Rust)
   • Run security linters (ruff for Python, clippy for Rust)
   • Keep dependencies updated
   • No unsafe Rust code without thorough review

4. Test security implications

   • Consider security in your tests
   • Test error conditions
   • Verify access controls

• Managed through UV and pyproject.toml
• Regular security audits via pip audit
• Known vulnerabilities are patched promptly

• Managed through Cargo.toml
• Regular audits via cargo audit
• Dependencies are kept minimal for security

As Machine Dialect™ is in ALPHA:

• Breaking changes may occur for security improvements
• Security features are still being developed
• Not recommended for production use yet

For security concerns, please contact the maintainers through:

• GitHub Security Advisories (preferred)
• Project maintainer: @kennylajara