Skip to content

Security: JMR825/CivicPulse-AI

Security

SECURITY.md

Security Policy

Supported Versions

Security updates are strictly applied to active components currently maintained on our primary deployment branch.

Version Supported
Main 🟢 Supported
< Main ❌ Not Supported

Reporting a Vulnerability

🚨 Crucial Notice Regarding API Keys

CivicPulse-AI relies on highly sensitive access points, including the GEMINI_API_KEY and multiple production Firebase keys.

  • Do not open a public issue if you locate an exposed string, leaked backend environment variables, or critical infrastructure weaknesses.
  • Opening a public issue risks immediate exploitation of active API quotas or cloud infrastructure.

How to Report Privately

If you identify a security gap or exposed configuration secret, please report it immediately to the project maintainer:

You will receive an initial response within 48 hours to coordinate validation, triage, and patch deployment before any public disclosure is made. Thank you for helping keep this civic platform secure!

There aren't any published security advisories