This policy covers the @auraone/sdk TypeScript SDK source published in this repository.
The hosted AuraOne backend at api.auraone.ai is out of scope for this repository. Backend security reports should be sent to security@auraone.ai.
| Version | Supported |
|---|---|
| 0.1.x | Yes |
Please report security issues privately. Do not open a public GitHub issue.
- Email:
security@auraone.ai - Subject:
[sdk-typescript] <short description>
Include:
- Affected SDK version.
- Description and impact.
- Steps to reproduce, ideally with a minimal proof-of-concept.
- Any suggested mitigation.
We'll acknowledge within 3 business days.
- Arbitrary code execution from SDK methods processing trusted-looking input.
- Token / credential leakage paths.
- Insecure default authentication or transport behavior.
We prefer coordinated disclosure. We'll work with you on a timeline that gives users time to upgrade before public details are published.