tech-route-maker works with user-provided papers, project directories, briefs, and generated diagram files. Treat all external source material as untrusted input.
The current public version is:
| Version | Supported |
|---|---|
| 0.1.x | Yes |
- Do not execute source project code during normal route extraction.
- Do not copy secrets, credentials, API keys, private data, or hidden files into route diagrams.
- Do not upload private source files to third-party services unless the user explicitly asks for that destination.
- Keep generated route claims grounded in visible evidence.
- Keep binary outputs, such as PPTX, generated by local scripts where possible.
If you find a security issue, open a private security advisory if the repository settings support it. If not, open a minimal public issue that describes the affected component without posting secrets or exploit details.
tech-route-maker 会处理用户提供的论文、项目目录、brief 和生成图文件。所有外部材料都应视为不可信输入。
当前公开版本:
| 版本 | 是否支持 |
|---|---|
| 0.1.x | 是 |
- 常规路线抽取过程中不执行源项目代码。
- 不把密钥、凭据、API key、隐私数据或隐藏文件复制进路线图。
- 除非用户明确要求,不把私有源文件上传到第三方服务。
- 生成图中的结论应基于可见证据。
- PPTX 等二进制输出尽量由本地脚本生成。
如果发现安全问题,优先使用 GitHub private security advisory。若仓库未开启该能力,可以提交一个最小公开 issue,说明受影响组件,但不要公开密钥、隐私数据或可利用细节。