If you discover a security vulnerability, please report it by opening an issue or contacting the maintainers directly.

Codie follows these security practices:

- No secrets in artifacts: Never store API keys, tokens, or credentials in .planning/ files
- Prompt injection defense: All file contents are treated as untrusted data
- Path validation: File operations are restricted to project directories
- External service confirmation: Always confirm before interacting with external services