If you discover a security vulnerability in any Rhizome project, please report it by opening a private security advisory in the relevant repository.
- Go to the repository's Security tab
- Click "Report a vulnerability"
- Provide details about the issue
We will respond within 48 hours and work with you to understand and address the issue.
This policy applies to all repositories under the rhi-zone organization:
- Normalize - Structural code intelligence
- Interconnect - Federation protocol for persistent worlds
- Unshape - Constructive media generation
- Playmate - Game design primitives library
- Dew - Minimal expression language
- Concord - API bindings IR and codegen
- Paraphase - Pipeline orchestrator for data conversion
- Dusklight - Universal UI client with control plane
- Reincarnate - Legacy software lifting framework
- Myenv - Ecosystem orchestrator
- Moonlet - Lua runtime with plugin system
- Portals - Standard library interfaces
- Zone - Lua-based tools, scaffolds, and orchestration
We provide security updates for the latest release of each project. Older versions may not receive patches.