Skip to content

Security: Stephen-studying/tech-route-maker

Security

SECURITY.md

Security Policy

tech-route-maker works with user-provided papers, project directories, briefs, and generated diagram files. Treat all external source material as untrusted input.

Supported Version

The current public version is:

Version Supported
0.1.x Yes

Security Principles

  • Do not execute source project code during normal route extraction.
  • Do not copy secrets, credentials, API keys, private data, or hidden files into route diagrams.
  • Do not upload private source files to third-party services unless the user explicitly asks for that destination.
  • Keep generated route claims grounded in visible evidence.
  • Keep binary outputs, such as PPTX, generated by local scripts where possible.

Reporting

If you find a security issue, open a private security advisory if the repository settings support it. If not, open a minimal public issue that describes the affected component without posting secrets or exploit details.


安全政策

tech-route-maker 会处理用户提供的论文、项目目录、brief 和生成图文件。所有外部材料都应视为不可信输入。

支持版本

当前公开版本:

版本 是否支持
0.1.x

安全原则

  • 常规路线抽取过程中不执行源项目代码。
  • 不把密钥、凭据、API key、隐私数据或隐藏文件复制进路线图。
  • 除非用户明确要求,不把私有源文件上传到第三方服务。
  • 生成图中的结论应基于可见证据。
  • PPTX 等二进制输出尽量由本地脚本生成。

报告方式

如果发现安全问题,优先使用 GitHub private security advisory。若仓库未开启该能力,可以提交一个最小公开 issue,说明受影响组件,但不要公开密钥、隐私数据或可利用细节。

There aren't any published security advisories