agent-git 0.1.0

A git wrapper that tracks cloned repos and prevents duplicate clones
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

# Security Policy

## Supported Versions

| Version | Supported          |
| ------- | ------------------ |
| latest  | :white_check_mark: |

## Reporting a Vulnerability

If you discover a security vulnerability in agent-git, please report it responsibly:

1. **Do NOT open a public issue**
2. Use [GitHub Security Advisories](https://github.com/exisz/agent-git/security/advisories/new) to report the vulnerability privately
3. Include:
   - Description of the vulnerability
   - Steps to reproduce
   - Potential impact
   - Suggested fix (if any)

## Response Timeline

- **Acknowledgment:** Within 48 hours
- **Assessment:** Within 1 week
- **Fix:** Depending on severity, typically within 2 weeks

## Scope

agent-git interacts with your filesystem (tracking clone locations) and shells out to `git`. Security concerns include:

- Path traversal in registry operations
- Shell injection via URL or path arguments
- Registry file tampering

We take these seriously and will address reported issues promptly.