Security matters because people matter.
If you find a vulnerability or risky behavior in Reflex, please report it responsibly.
Only the latest release is actively supported for security issues.
Please report security concerns to:
[ADD CONTACT HERE]
Include:
- Description of the issue
- Steps to reproduce
- Potential impact
- Relevant code or links
- Your environment (OS, Node version, etc.)
Please do NOT open a public issue for security vulnerabilities.
We will:
- Acknowledge your report within 72 hours
- Investigate it carefully
- Communicate progress when possible
- Credit you (if you want) after resolution
We strongly believe in responsible disclosure.
Do not exploit, publish, or discuss vulnerabilities publicly before we address them.
Our priority is protecting people first, not publicity.
Reflex believes:
- Security is part of architecture
- Simplicity reduces attack surface
- Transparency builds trust
- Humans are more important than systems
We value your help. Thank you for protecting this space.