Policies, protocols, and security best practices.
Tokens and credentials are kept in .env files that are excluded from the repo. apiKey values are redacted automatically.
The gateway runs as the non-root "node" user (UID 1000), reducing attack surface.
Scripts use flock to prevent race conditions.
All changes are versioned with detailed commits.
If you discover a vulnerability, report it responsibly. Do not disclose vulnerabilities before they are fixed.