opencode-ralph-loop-cli 0.1.0

Scaffolder CLI for OpenCode Ralph Loop plugin — one command setup
# Security Policy — opencode-ralph-loop-cli

> This document is also available in [Português](SECURITY.pt-BR.md).


## Supported Versions
### Coverage — Actively Maintained Releases
| Version | Supported |
|---|---|
| 0.1.x | Yes |

- Versions below 0.1.0 receive no security patches
- Security fixes are released as patch versions on supported branches


## Reporting a Vulnerability
### Contact — Private Disclosure Channel
- Send vulnerability reports to: claude.ai.twenty614@passmail.net
- Use subject line: [SECURITY] opencode-ralph-loop-cli vulnerability
- Include: affected version, description, reproduction steps, potential impact
- Do NOT open public GitHub issues for security vulnerabilities


## Response Timeline
### SLA — Guaranteed Response Times
- Initial triage response within 72 business hours
- Critical (CVSS 9.0+): patch released within 7 days
- High (CVSS 7.0-8.9): patch released within 14 days
- Medium (CVSS 4.0-6.9): patch released within 30 days
- Low (CVSS < 4.0): patch included in next scheduled release


## Disclosure Policy
### Process — Coordinated Disclosure
- Maintainers notify the reporter when the fix is ready
- The embargo period lasts up to 90 days from disclosure
- CVE assignment is requested for confirmed vulnerabilities
- Public disclosure happens after the patch is released on crates.io


## Security Update Policy
### Notifications — How Updates Are Communicated
- Critical patches are announced in CHANGELOG.md under Security
- GitHub releases include a security tag for affected releases
- Yanked versions are marked on crates.io immediately


## Configuration Best Practices
### Hardening — Reduce Your Attack Surface
- Validate that all --path arguments come from trusted sources
- Do not run opencode-ralph-loop-cli as root in production
- Inspect generated files before committing to version control
- Use --dry-run to preview operations before executing


## Hall of Fame
### Recognition — Responsible Disclosure Credits
- Security researchers who disclose responsibly receive credit in CHANGELOG.md
- Disclosures are credited with the researcher's name or alias, at their preference


## Attribution
### Standard — Known Vulnerabilities Reference
- No known vulnerabilities at this time (2026-04-17)
- Monitor https://rustsec.org for Rust ecosystem advisories