Lorekeeper stores AI agent memory locally. If you discover a security vulnerability, please report it privately so we can address it before disclosure.

Do not file a public GitHub issue. Instead, email the maintainer directly at jessinra.kai@gmail.com with:

• A description of the vulnerability
• Steps to reproduce (minimal, if possible)
• Affected versions

We aim to acknowledge receipt within 48 hours and provide an initial assessment within 5 business days. Once the issue is resolved, we'll coordinate disclosure with you.

This policy covers the lorekeeper-mcp Python package and the lorekeeper CLI tool. Issues in dependencies (Chromadb, Mem0, etc.) should be reported to their respective maintainers.

PGP key available on request — email to arrange.