ktx/SECURITY.md

# Security Policy

## Reporting a vulnerability

If you believe you've found a security vulnerability in KTX, please report it
**privately** through GitHub Security Advisories:

[Report a vulnerability](https://github.com/Kaelio/ktx/security/advisories/new)

If you cannot use GitHub Security Advisories, email `support@kaelio.com`
instead. Please do **not** open a public issue, post in the KTX Slack, or
share details elsewhere until we have published a fix.

When reporting, please include:

- A description of the issue and its impact
- Steps to reproduce
- The KTX version affected

## What to expect

- We will acknowledge your report within a few business days.
- We will work with you to verify the issue and develop a fix.
- We will credit you in the resulting advisory unless you prefer to remain
  anonymous.

## Supported versions

We provide security fixes for the latest released version of
[`@kaelio/ktx`](https://www.npmjs.com/package/@kaelio/ktx). Older versions
may receive fixes at the maintainers' discretion.
chore(community): rewards program, issue templates, and triage workflow (#176) * chore(community): rewards program, issue templates, and triage workflow Adds the public-facing community engagement infrastructure. CONTRIBUTING.md introduces a three-tier rewards program (sticker / t-shirt / hoodie) gated on merged PRs, with explicit eligibility rules to keep the program sustainable. Fulfillment is handled by emailing support@kaelio.com. The .github/ISSUE_TEMPLATE/ forms give structure to bug reports and feature requests, and config.yml routes questions to the KTX Slack instead of GitHub Discussions (matching the routing established in docs-site/.../support.mdx). The triage-issues workflow applies a needs-triage label only when the issue author isn't OWNER, MEMBER, or COLLABORATOR — so internal issues stay clean while external contributions get queued for maintainer review. The first 14 connector contribution issues (#161-174) have been filed using these labels and reward tiers. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(community): add SECURITY.md Documents the private reporting channel (GitHub Security Advisories with support@kaelio.com as fallback), what reporters should include, and the supported-version policy. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-19 19:42:06 -04:00			`# Security Policy`

			`## Reporting a vulnerability`

			`If you believe you've found a security vulnerability in KTX, please report it`
			`privately through GitHub Security Advisories:`

chore: revert repo references to Kaelio/ktx and remove rename-resilience (#252) The GitHub repo was renamed back from Kaelio/ktx-ai-data-agents-context to Kaelio/ktx, reverting the URL changes from #250 across package metadata, CI (codecov + star-history slugs), issue/security templates, the release runbook, and docs/install commands. Also removes the rename-resilience machinery #250 added: semantic-release now reads the repository URL straight from package.json (Kaelio/ktx) again, so the repositoryUrl() derivation in scripts/semantic-release-config.cjs, its tests, and the rename note in docs/release.md are no longer needed. 2026-06-02 00:14:43 +02:00			`[Report a vulnerability](https://github.com/Kaelio/ktx/security/advisories/new)`
chore(community): rewards program, issue templates, and triage workflow (#176) * chore(community): rewards program, issue templates, and triage workflow Adds the public-facing community engagement infrastructure. CONTRIBUTING.md introduces a three-tier rewards program (sticker / t-shirt / hoodie) gated on merged PRs, with explicit eligibility rules to keep the program sustainable. Fulfillment is handled by emailing support@kaelio.com. The .github/ISSUE_TEMPLATE/ forms give structure to bug reports and feature requests, and config.yml routes questions to the KTX Slack instead of GitHub Discussions (matching the routing established in docs-site/.../support.mdx). The triage-issues workflow applies a needs-triage label only when the issue author isn't OWNER, MEMBER, or COLLABORATOR — so internal issues stay clean while external contributions get queued for maintainer review. The first 14 connector contribution issues (#161-174) have been filed using these labels and reward tiers. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(community): add SECURITY.md Documents the private reporting channel (GitHub Security Advisories with support@kaelio.com as fallback), what reporters should include, and the supported-version policy. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-19 19:42:06 -04:00
			If you cannot use GitHub Security Advisories, email `support@kaelio.com`
			`instead. Please do not open a public issue, post in the KTX Slack, or`
			`share details elsewhere until we have published a fix.`

			`When reporting, please include:`

			`- A description of the issue and its impact`
			`- Steps to reproduce`
			`- The KTX version affected`

			`## What to expect`

			`- We will acknowledge your report within a few business days.`
			`- We will work with you to verify the issue and develop a fix.`
			`- We will credit you in the resulting advisory unless you prefer to remain`
			`anonymous.`

			`## Supported versions`

			`We provide security fixes for the latest released version of`
			[`@kaelio/ktx`](https://www.npmjs.com/package/@kaelio/ktx). Older versions
			`may receive fixes at the maintainers' discretion.`