This project is in active early development. Security fixes are applied to the
main branch.
Please do not open a public issue for security vulnerabilities.
Instead, report privately through GitHub's private vulnerability reporting (Security tab → "Report a vulnerability"). We aim to acknowledge reports within a few days and will keep you updated on remediation progress.
- Never commit API keys. Configuration is read from environment variables or a
local, gitignored
.envfile (see.env.example). - Bearer-token auth for the public surface is available via
MOM_API_KEYS.