We take security vulnerabilities seriously. If you discover a security issue, please follow these steps:

Security vulnerabilities should not be disclosed publicly until they have been addressed.

Please report security vulnerabilities by emailing:

security@contextflow.ai (or create a private security advisory on GitHub)

Include the following information:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Initial Response: Within 48 hours
• Status Update: Within 7 days
• Fix Timeline: Depends on severity (critical: 24-72 hours, high: 1-2 weeks, medium: 1 month)

Once a fix is available:

1. We will release a patched version
2. We will publish a security advisory
3. We will credit the reporter (unless they prefer anonymity)

# NEVER hardcode API keys
# Bad
client = Anthropic(api_key="sk-ant-...")

# Good - Use environment variables
import os
client = Anthropic(api_key=os.getenv("ANTHROPIC_API_KEY"))

• Use .env files for local development
• NEVER commit .env to version control
• Use secrets management in production (AWS Secrets Manager, HashiCorp Vault, etc.)

• Always use HTTPS in production
• Configure CORS appropriately
• Use rate limiting for API endpoints

• All user inputs are validated via Pydantic models
• File paths are sanitized
• SQL injection prevented via parameterized queries (SQLite)

• Dependencies are pinned in poetry.lock
• Regular security audits via safety and bandit
• Dependabot alerts enabled

1. Input Validation - Pydantic models validate all inputs
2. Error Handling - Sensitive information not leaked in errors
3. Logging - Structured logging without sensitive data
4. Rate Limiting - Configurable rate limits on API
5. CORS - Configurable cross-origin policies

1. Prompt Injection - Users should implement prompt guards for production
2. Output Filtering - Verification protocol can filter harmful outputs
3. Token Limits - Configurable limits prevent runaway costs
4. Provider Isolation - Each provider is isolated

[ ] API keys stored in secure secrets manager
[ ] HTTPS enabled with valid certificate
[ ] CORS configured for specific origins only
[ ] Rate limiting enabled
[ ] Logging configured (without sensitive data)
[ ] Regular dependency updates
[ ] Input validation enabled
[ ] Error messages sanitized
[ ] Session management secured
[ ] Network policies configured

The RLM strategy includes a REPL environment for code execution. While sandboxed:

• Only safe builtins are available
• External libraries are restricted
• Timeout limits prevent infinite loops

Recommendation: In high-security environments, consider disabling RLM or adding additional sandboxing.

Documents added to RAG are stored in memory:

• No encryption at rest (memory-based)
• Documents are not persisted by default
• Consider sensitivity of indexed content

Session data is stored in SQLite:

• Not encrypted by default
• Consider database encryption for sensitive use cases

For security-related inquiries:

• Email: security@contextflow.ai
• GitHub Security Advisories: Create Advisory

Thank you for helping keep ContextFlow secure!