b41c1d2501
rename(phase 1): CapaKraken → Nexus across code, UI, docs, CI (#61) Co-authored-by: Hartmut Nörenberg <hn@hartmut-noerenberg.com> Co-committed-by: Hartmut Nörenberg <hn@hartmut-noerenberg.com>
Security Policy
Reporting a Vulnerability
If you discover a security vulnerability in Nexus, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, please email the maintainer directly with:
- A description of the vulnerability
- Steps to reproduce
- Potential impact assessment
We will acknowledge receipt within 48 hours and provide a timeline for resolution.
Supported Versions
Only the latest version on the main branch receives security updates.
Security Practices
- Dependencies are audited nightly via `pnpm audit` and on every CI run
- Authentication uses Argon2-based password hashing via Auth.js v5
- Rate limiting is enforced on all API endpoints with Redis-backed counters
- All database mutations use parameterized queries via Prisma (no raw SQL)
- Session tokens are rotated on password change