If you discover a security vulnerability in Nova, please report it responsibly.
Do NOT open a public issue for security vulnerabilities.
Instead, please send an email to: security@example.com
Include:
- A description of the vulnerability
- Steps to reproduce the issue
- Any potential impact or exploit scenarios
| Version | Supported |
|---|---|
| 0.2.0-mission-002 | ✅ |
| < 0.2.0 | ❌ |
Nova is designed with constitutional governance at its core:
- Lawful Execution: All actions pass through CRK-2 legality checks
- Immutable Ledger: All actions are recorded in an append-only ledger
- Invariant Enforcement: System invariants are checked before and after operations
- Continuity Preservation: System state and identity are preserved across operations
- Observer Bundle: The Mission #002 observer bundle has a verified SHA-256 hash. Always verify bundle integrity before use.
- API Keys: Never commit API keys or secrets. Use environment variables.
- Runtime Access: The governed runtime should be deployed with appropriate access controls.
We regularly update dependencies to address known vulnerabilities. CI includes automated dependency scanning where available.
This project is licensed under the MIT License - see the LICENSE file for details.