Skip to content

Security: moegon/BMAD-Agent

Security

SECURITY.md

Security Policy

Supported Versions

Version Supported
0.0.x

We aim to back-port critical security fixes to the most recent minor release. Older releases will be evaluated case-by-case.

Reporting a Vulnerability

Please report security issues privately to security@gpurig.dev.

When reporting, include:

  • A description of the vulnerability and potential impact.
  • Steps to reproduce (proof-of-concept where possible).
  • Affected versions of BMAD Agent and LM Studio configuration (if applicable).

You can optionally encrypt the email using our PGP key (available on request).

We will acknowledge your report within 3 business days and aim to provide an initial assessment or mitigation plan within 10 business days. Throughout the process we will keep you informed and coordinate disclosure timing so users have a chance to patch.

Preferred Fix Process

  1. We triage the report and reproduce the issue.
  2. A fix is developed, reviewed, and validated (including smoke tests).
  3. A security advisory and patched release are published.
  4. Credits are given to reporters who opt in to disclosure.

Thank you for helping keep BMAD Agent secure.

There aren't any published security advisories