Security: alahdal262/mpaop-platform

SECURITY.md

Security Policy

Reporting a Vulnerability

Infragate Solutions LTD takes the security of MPAOP seriously. If you believe you have found a security vulnerability in this repository, the deployed platform, or any related infrastructure, please report it responsibly.

How to report

Do not open a public GitHub issue for security vulnerabilities.

Instead, submit the report privately via one of the following channels:

  1. Primary contact: via the contact form at https://infragatesolutions.com
  2. GitHub Security Advisory: use the "Report a vulnerability" button on the repository's Security tab (if enabled)

What to include

Please provide as much of the following information as possible to help us assess the report quickly:

  • A clear description of the vulnerability and its potential impact
  • The affected component (API endpoint, dashboard page, worker, MCP tool, package, etc.)
  • Steps to reproduce, including sample requests or code
  • Any proof-of-concept exploit code (kept confidential)
  • Your assessment of severity (informational / low / medium / high / critical)
  • Whether the issue affects the public live platform at streamtvlive.cloud
  • Your name or handle for credit in the acknowledgements (optional)

What to expect

  • Acknowledgement: within 5 business days of receipt
  • Initial triage: within 10 business days, including severity classification and expected remediation timeline
  • Coordinated disclosure: we request that you do not publicly disclose the vulnerability until a fix has been deployed to production and we have agreed on a disclosure date

Scope

In scope

  • The MPAOP control-plane API at api.streamtvlive.cloud
  • The MCP Streamable HTTP endpoint at mcp.streamtvlive.cloud
  • The operator dashboard at streamtvlive.cloud
  • The source code in this repository
  • Published npm packages originating from this monorepo (if any)

Out of scope

  • Denial-of-service attacks against the live platform
  • Social engineering of Infragate Solutions employees or customers
  • Physical attacks
  • Attacks requiring compromise of a user's device, browser, or network
  • Vulnerabilities in third-party dependencies unless they are directly exploitable in the context of MPAOP
  • Rate-limit bypass reports without demonstrable impact

Supported Versions

Only the master branch of this repository is supported. Security fixes are deployed to production within hours of verification for critical issues.

Branch           | Supported
master           | Yes
any other branch | No

Safe Harbour

Infragate Solutions LTD will not pursue legal action against security researchers who:

  • Report vulnerabilities in good faith and in a non-destructive manner
  • Do not access, modify, or destroy data belonging to other users
  • Do not exploit the vulnerability beyond what is necessary to demonstrate its existence
  • Give Infragate Solutions LTD a reasonable opportunity to respond before any public disclosure
  • Do not violate any applicable law in the course of their research

Thank you for helping keep MPAOP and our customers safe.

— Infragate Solutions LTD
