Elgato_dark/Archon
1
0
Fork 0
mirror of https://github.com/coleam00/Archon synced 2026-04-21 21:47:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
Archon/SECURITY.md
Cole Medin ae346c2a67 feat: prepare for open-source migration to coleam00/Archon 
- Replace all dynamous-community/remote-coding-agent references with coleam00/Archon
- Replace all ghcr.io/dynamous-community/remote-coding-agent with ghcr.io/coleam00/archon
- Change license from proprietary Dynamous to MIT
- Fix cd directory name in docs (remote-coding-agent → Archon)
- Remove hardcoded local paths from skills and docs
- Add Windows x64 binary to release pipeline (cross-compiled from Linux)
- Add --minify --bytecode flags to binary compilation
- Create PowerShell install script (scripts/install.ps1)
- Fix isBinaryBuild() detection for Bun 1.3.5+ (use import.meta.dir virtual FS check)
- Scaffold Astro Starlight docs site at website/ (Astro 6 + Starlight 0.38)
- Add deploy-docs.yml workflow for GitHub Pages
- Update test.yml branch triggers (develop → dev)
- Add install section with curl/PowerShell/Homebrew/Docker to README
- Add badges and archon.diy docs link to README
- Create SECURITY.md with vulnerability disclosure policy
- Update CONTRIBUTING.md for public audience
- Add website/ and eslint ignores for Astro-generated files

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 10:47:22 -05:00

993 B
Raw Blame History

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in Archon, please report it responsibly.

Do NOT open a public issue for security vulnerabilities.

Instead, email cole@dynamous.ai or use GitHub's private vulnerability reporting.

Include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

We'll acknowledge and respond as soon as possible.

Scope

This policy covers the Archon codebase, including:

  • CLI binary
  • Server and Web UI
  • Platform adapters (Slack, Telegram, GitHub, Discord)
  • Docker images published to GHCR

Best Practices for Users

  • Never commit API keys to your repository
  • Use environment variables or .env files (which are gitignored)
  • When deploying the server publicly, use the Caddy reverse proxy with authentication (see deploy/docker-compose.yml)
  • Keep Archon updated to the latest version