Security updates are provided for the latest main branch and latest tagged release.
Do not open public issues for vulnerabilities.
Report privately to: security@sovereign.local Include:
- Summary and impact
- Reproduction steps
- Affected versions
- Suggested remediation (if known)
We aim to acknowledge reports within 72 hours.
- Runtime policy gating for tool execution
- Auth tokens and gateway pairing
- Rate and cost controls
- Local encrypted secrets storage
- Approval workflow for high-risk actions