mamf 0.1.2

Multi-AI council TUI - orchestrate conversations between AI advisors
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59

# Security Policy

## Supported Versions

| Version | Supported          |
| ------- | ------------------ |
| 0.1.x   | :white_check_mark: |

## Reporting a Vulnerability

If you discover a security vulnerability in MAMF, please report it responsibly:

1. **Do NOT** open a public GitHub issue for security vulnerabilities
2. Email the maintainer directly at the email at hffmnnj@tuta.io
3. Include:
   - Description of the vulnerability
   - Steps to reproduce
   - Potential impact
   - Any suggested fixes (optional)

## Response Timeline

- **Initial Response**: Within 48 hours
- **Status Update**: Within 7 days
- **Fix Timeline**: Depends on severity (critical: ASAP, high: 14 days, medium: 30 days)

## Security Considerations

### API Keys

- Store API keys in environment variables or the config file
- Never commit API keys to version control
- The config file (`mamf.yaml`) should have restrictive permissions (0600)

### Network Security

- MAMF makes HTTP requests to external LLM APIs
- All API communications use HTTPS
- Consider using a proxy if operating in a restricted network environment

### Local Storage

- Session data is stored in SQLite at `~/.local/share/mamf/`
- Knowledge base uses Qdrant (default: localhost:6333)
- Log files may contain conversation content

### Input Handling

- User inputs are passed to LLM providers
- Shell commands (Claude CLI integration) use argument escaping
- Web search queries are URL-encoded

## Best Practices

1. Run with minimal required permissions
2. Regularly update dependencies
3. Use environment variables for sensitive configuration
4. Review logs for unexpected behavior
5. Keep your LLM provider credentials secure