Before a dedicated security contact is configured, open a GitHub security advisory after the public remote is created. Do not disclose exploitable vulnerabilities, credentials, or affected wallet details in a public issue.
This repository must never contain live:
- private keys or seed phrases;
- API keys or bearer tokens;
- browser cookies or authentication databases;
- production wallet exports;
- private RPC credentials;
.envfiles.
Examples must use explicit placeholders. Tests must use synthetic fixtures.
Read-only integrations are preferred. Any future write-capable integration must document:
- signer and wallet assumptions;
- chain and contract addresses;
- simulation or dry-run behavior;
- budgets and transaction caps;
- idempotency and retry behavior;
- approval boundaries;
- rollback or recovery procedure.
| Version | Supported |
|---|---|
0.1.x |
Yes |
< 0.1 |
No |
Security fixes are applied to the latest patch release in the supported minor line. The main branch may contain unreleased changes and is not a substitute for a tagged release.