Skip to content

Security: dsmcewan/LEXI

Security

SECURITY.md

Security Policy

Scope

LEXI is a private, single-maintainer application handling confidential family-law case data. The database is encrypted at rest with SQLCipher (AES-256); the encryption key (DB_ENCRYPTION_KEY) is never committed.

Supported Versions

Only the current main branch is supported. There are no released versions.

Branch Supported
main

Reporting a Vulnerability

Report suspected vulnerabilities privately to dsmcewan@gmail.com. Do not open a public GitHub issue for security reports. Expect an acknowledgement within 5 business days. Please include reproduction steps and affected files.

Handling of Secrets and Case Data

Never commit .env, *.db, *.sqlite3, or any case memory / evidence artifact. The repo-hygiene CI gate (scripts/check_repo_hygiene.sh) blocks tracked databases and scratch files.

There aren't any published security advisories