This is a public, MIT-licensed reference project. It is built with public-repo safety as a first-class concern.
Please report security issues privately via GitHub: Security → Report a vulnerability (private advisory) on this repository. Do not open a public issue for a suspected vulnerability.
- No secret is ever committed.
.envis gitignored; only.env.example(placeholders) is tracked. gitleaksruns as a pre-commit hook and in CI, and fails closed.- Cloud credentials use OIDC / Workload Identity, never long-lived JSON keys committed to the repo.
- Terraform state is stored in a remote, encrypted, locked backend and is
never committed (
*.tfstateis gitignored). - API keys (Gemini, Langfuse) live only in local
.envand in GitHub Actions secrets.
- Input validation + size limits on every endpoint (Pydantic).
- API-key auth, rate-limiting, and CORS (locked to the UI origin) as FastAPI middleware.
- The seed corpus is synthetic and public-safe — no PII.
- Agent tools (planned) are allow-listed and argument-validated server-side; the MCP server authenticates its transport and treats tool descriptions/results as untrusted (tool-poisoning / prompt-injection defense).