| Version | Supported |
|---|---|
| 0.0.x | ✔ |
We aim to back-port critical security fixes to the most recent minor release. Older releases will be evaluated case-by-case.
Please report security issues privately to security@gpurig.dev.
When reporting, include:
- A description of the vulnerability and potential impact.
- Steps to reproduce (proof-of-concept where possible).
- Affected versions of BMAD Agent and LM Studio configuration (if applicable).
You can optionally encrypt the email using our PGP key (available on request).
We will acknowledge your report within 3 business days and aim to provide an initial assessment or mitigation plan within 10 business days. Throughout the process we will keep you informed and coordinate disclosure timing so users have a chance to patch.
- We triage the report and reproduce the issue.
- A fix is developed, reviewed, and validated (including smoke tests).
- A security advisory and patched release are published.
- Credits are given to reporters who opt in to disclosure.
Thank you for helping keep BMAD Agent secure.