This repository currently supports the main branch.
If you find a security issue, avoid posting secrets or private data in a public issue. Contact the repository owner directly, or use GitHub private vulnerability reporting if it is enabled.
- Set a strong
API_KEYbefore exposing the API outside your local machine. - Do not commit
.env,HF_TOKEN, API keys, model weights, or generated private outputs. - Rotate
API_KEYandHF_TOKENimmediately if they are exposed. - Run the service behind a trusted network or reverse proxy before public use.
- Keep Docker images and Python dependencies updated.