If you discover a security vulnerability in melchizedek, please report it through GitHub Security Advisories.

Please do NOT open a public issue for security vulnerabilities.

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Acknowledgment: within 48 hours
• Initial assessment: within 1 week
• Fix or mitigation: depends on severity

melchizedek is designed with these security properties:

• Offline by default: no network calls except lazy model downloads on first use
• No telemetry: zero tracking, zero analytics
• Private content redaction: <private> tags are replaced with [REDACTED]
• Read-only source: never writes to ~/.claude/projects/ (transcript source)
• Local storage only: all data in ~/.melchizedek/memory.db (single SQLite file)
• Graceful degradation: each layer (embeddings, reranker) is optional