If you discover a security vulnerability in AgentIRC, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Please report security issues privately using one of the following methods:
- GitHub Security Advisories: Report a vulnerability privately
- Email: Contact the maintainer directly
Include:
- A description of the vulnerability
- Steps to reproduce the issue
- The potential impact

What to expect after reporting:
- Acknowledgment: Within 48 hours
- Fix timeline: Within 7 days of acknowledgment
- Disclosure: Coordinated with the reporter after a fix is available

This project uses automated security scanning:
- Bandit — Python security vulnerability detection
- Pylint — Static code analysis
- CodeQL — GitHub-native semantic analysis
- SonarCloud — Comprehensive code quality and security
- Safety — Dependency vulnerability scanning
- Dependency Review — PR-level dependency checks
See docs/operations/SECURITY.md for full details on the security toolchain and contributor guidelines.