If you discover a security vulnerability in Monogram, please report it privately so we can fix it before public disclosure.

How to report:

• GitHub Security Advisory (preferred): https://github.com/HarimxChoi/monogram/security/advisories/new
• Email: security@monogram.example (you can encrypt with the PGP key in docs/security-pgp.txt if the issue is sensitive)

Please include:

• A description of the vulnerability
• Steps to reproduce (proof-of-concept if possible)
• Impact assessment (what an attacker could do)
• Your preferred contact for follow-up

Please do not:

• Open a public GitHub issue for security reports
• Exploit the vulnerability against any instance you don't own
• Share the vulnerability publicly until a fix is released

This is a solo-maintainer project. Honest expectations:

If you don't hear back within the acknowledgment window, please follow up — email filters fail sometimes.

Monogram handles sensitive data on three surfaces:

1. Credential pipeline — drops classified as credential write to life/credentials/ and must NEVER leak to other paths (drops.md, MEMORY.md, brief, weekly report). Any leak is critical. As a backstop, the Writer passes every staged write except the credential file itself through secret_filter.redact() (src/monogram/secret_filter.py).
2. Prompt injection — classifier output is used to route writes. Injection that bypasses the classifier to write a credential under a benign target_kind is critical — though the secret_filter backstop redacts well-known key shapes before any such write lands.
3. LLM data exfiltration — drops may contain private content. A path where the full drop is sent to an unintended third-party service (e.g., accidental public logging) is high.

Bugs that are not security issues (please file as normal issues):

• Extraction quality problems (e.g., PDF OCR fails)
• Latency regressions
• UX papercuts
• Documentation errors

In scope:

• The mono-gram Python package as published on PyPI
• Code in the HarimxChoi/monogram repository
• The HarimxChoi/monogram Obsidian plugin (shipped from the same repo)

Out of scope:

• Issues in upstream dependencies (report to them directly)
• Issues in user-provided MCP servers or Claude Desktop configuration
• Issues in the user's own vault repository hosting

After a fix is released, we will credit reporters in the CHANGELOG unless they request anonymity. A CVE will be requested for any vulnerability rated High or Critical.

Only the latest minor version receives security fixes. Users on older versions should upgrade.

• PyPI publishing: Trusted Publishing (OIDC) + attestations via Sigstore. No long-lived API tokens.
• Dependency audit: pip-audit in CI; Dependabot for weekly dependency updates.
• Secret scanning: gitleaks pre-release audit.
• Credential handling: hard-coded life/credentials/ exclusion from LLM context via safe_read.py gate, plus a writer-level secret_filter.redact() backstop on every non-credential write.
• Telegram session: monogram_session.session is in .gitignore and must never be committed.