We provide security updates for the latest minor release line.
Please do not open public issues for security problems.
- Email:
security@codewithphone.com - Include:
- affected version/commit
- reproduction steps
- impact assessment
- proposed mitigation (optional)
We aim to acknowledge reports within 72 hours and provide a remediation plan after triage.
This policy covers the daemon code in this repository. Security issues in third-party runtimes (Claude CLI, Gemini CLI, Codex CLI) should also be reported to their respective vendors.