PolicyStrata is a deterministic policy-regression testing artifact. It is not an authorization boundary or a replacement for application/database access controls.
Report suspected vulnerabilities privately to support@raintree.technology.
Please include the affected version or commit, reproduction steps, and expected impact. Do not send live customer data, production credentials, or proprietary schemas; use a synthetic reproduction when possible.
Security-relevant issues include:
- imported SQL escaping the read-only allowlist;
- scanner behavior that mutates a configured database;
- credential or secret disclosure in generated artifacts;
- installation or dependency issues that affect normal CLI use.
Detection gaps against unknown production incidents are methodology limitations, not security vulnerabilities in the artifact.
The test suite includes deterministic high-confidence secret-pattern scanning over repository text
files and fixture checks that require fixture email addresses to use reserved .example domains.
Run them with:
uv run pytest tests/test_security_posture.pyThis guard is intentionally conservative and should be kept alongside GitHub dependency review, CodeQL, and Socket alerts.