| Version | Supported |
|---|---|
| latest | β Yes |
| < 1.0 | β No |
Please do not open a public GitHub issue for security vulnerabilities.
Report security concerns to:
π§ security@aiep.protocol (monitored β response within 72 hours)
Include in your report:
- A description of the vulnerability and its potential impact
- Steps to reproduce or proof-of-concept
- The affected version(s) and component(s)
AIEP Hub follows secure-by-default practices:
-
No server-side secrets in repository β
wrangler.tomlcontains only non-secret deployment configuration. Secrets are managed via Cloudflare environment variables. -
Static site β Hub is a fully pre-rendered Astro site deployed to Cloudflare Pages. No runtime user-data handling.
-
Content Security Policy β HTTP security headers enforced by
_headersfile and Cloudflare Workers. -
Dependency hygiene β
node_modules/is gitignored; dependencies are pinned viapackage-lock.json.
This policy applies to the AIEP Hub Astro site and associated Cloudflare Workers.
Out of scope: the AIEP specification documents (.md files in src/pages/) β these are
technical documents, not executable software.
SPDX-License-Identifier: Apache-2.0 Β© 2025β2026 Neil Grassby. All rights reserved.