| Version | Supported |
|---|---|
| 0.x (latest) | Yes |
Do not open a public issue. Instead, email the maintainer directly:
- Email: security@projectnavi.ai
- Subject prefix:
[navi-bootstrap] SECURITY:
Include:
- A description of the vulnerability
- Steps to reproduce or a proof-of-concept
- The impact as you understand it
- Acknowledge: within 48 hours
- Fix or disclose: within 90 days
If the vulnerability is accepted, a fix will be released and credited in the changelog (unless you prefer to remain anonymous). If declined, you'll receive an explanation.
This policy covers the navi-bootstrap engine, CLI, and bundled template packs. User-supplied specs and custom packs are out of scope.