Security: DeRaowl/Kodegraf

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in Kodegraf, please report it responsibly:

  1. Do NOT open a public issue
  2. Instead, report it privately by opening a security advisory on GitHub for this repository (the repository's Security tab, "Report a vulnerability")

We will acknowledge your report within 48 hours and aim to release a fix within 7 days for critical issues.

Security Design

What Kodegraf accesses

  • Read-only access to source code files (for parsing)
  • Local SQLite database (.kodegraf/graph.db) — never transmitted
  • No network calls — fully local, no telemetry, no cloud services
  • No secrets handling — does not read .env files or credentials

Invariants

  • No eval(), exec(), or dynamic code execution
  • No shell=True in subprocess calls
  • SQL queries use parameterized ? placeholders — no string interpolation
  • File paths validated to be within the repository root
  • MCP responses sanitize node names (strip control characters, cap length)
  • No data leaves the machine — graph is local-only
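
The path-containment and node-name sanitization invariants above, shown as an added illustration in Rust (the project's language); this is example code written for this page, not Kodegraf's own implementation, and the function names, the PathError type and the sample inputs are assumptions made for the example. The parameterized-SQL invariant is not shown because it depends on the database crate in use (with rusqlite it is the `params!` binding instead of formatting values into the query text).

```rust
use std::io::ErrorKind;
use std::path::{Component, Path, PathBuf};

/// Why a requested path was refused. Hypothetical type for this example.
#[derive(Debug, PartialEq)]
pub enum PathError {
    Absolute,
    EscapesRoot,
    Io(ErrorKind),
}

/// Lexically resolve `requested` against `root` and refuse anything that would
/// leave it: `..` pops a component, popping past the root is an error, and
/// absolute paths or Windows drive prefixes are rejected outright.
/// This is the "file paths validated to be within the repository root" invariant.
pub fn contain_path(root: &Path, requested: &str) -> Result<PathBuf, PathError> {
    let mut rel = PathBuf::new();
    for comp in Path::new(requested).components() {
        match comp {
            Component::Prefix(_) | Component::RootDir => return Err(PathError::Absolute),
            Component::CurDir => {}
            Component::ParentDir => {
                if !rel.pop() {
                    return Err(PathError::EscapesRoot);
                }
            }
            Component::Normal(part) => rel.push(part),
        }
    }
    Ok(root.join(rel))
}

/// Same check after the file exists on disk: canonicalize both sides so a
/// symlink inside the repository that points outside it is caught as well.
/// The lexical check alone cannot see symlinks; this one needs the path to exist.
pub fn contain_path_resolved(root: &Path, requested: &str) -> Result<PathBuf, PathError> {
    let candidate = contain_path(root, requested)?;
    let root_real = std::fs::canonicalize(root).map_err(|e| PathError::Io(e.kind()))?;
    let real = std::fs::canonicalize(&candidate).map_err(|e| PathError::Io(e.kind()))?;
    if real.starts_with(&root_real) {
        Ok(real)
    } else {
        Err(PathError::EscapesRoot)
    }
}

/// Sanitize a node name before it goes into an MCP response: drop control
/// characters (ESC included, so a terminal escape sequence loses its lead byte)
/// and cap the length. The cap counts chars, not bytes, so it never lands in
/// the middle of a multi-byte UTF-8 sequence.
pub fn sanitize_node_name(name: &str, max_chars: usize) -> String {
    name.chars().filter(|c| !c.is_control()).take(max_chars).collect()
}

fn main() {
    // Constructed inputs: a harmless request, a normalised one, two escapes.
    let root = Path::new("/repo");
    for req in ["src/main.rs", "./src/../lib.rs", "../etc/passwd", "/etc/passwd"] {
        println!("{req:?} -> {:?}", contain_path(root, req));
    }
    // Constructed node name carrying an ANSI colour sequence and a newline.
    let raw = "Node\x1b[31m::evil\n";
    println!("{raw:?} -> {:?}", sanitize_node_name(raw, 16));
}
```

The two path functions are deliberately separate: the lexical check is what you run on every request before touching the filesystem, and the canonicalizing check is the belt-and-braces step once the file has been located, because a symlink inside the repository can still point at a file outside it. For the name cap, `String::truncate` at a byte offset panics if the offset is not a char boundary, which is why the example counts chars.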

Supply Chain

  • Tree-sitter grammars are statically linked (compiled into the binary)
  • No runtime downloads or dynamic loading
  • Dependencies pinned in Cargo.lock

Supported Versions

Version   Supported
0.1.x     Yes

There aren’t any published security advisories