Keel is an experimental probe (pre-1.0): a thin knowledge-base layer plus a few plain-Bash tools
(secret-guard, doctor, public-audit, install). The security-relevant surface is those tools and
the git hooks they wire — not a running service.
Please report privately — don't open a public issue for a security bug.
- Preferred: open a private security advisory (GitHub → the repo's Security tab → Report a vulnerability).
- Include what the flaw lets an attacker do, the affected file/command, and a minimal repro.
Expect a best-effort first response within about a week. As a solo, unfunded probe there is no SLA beyond
that; a fix lands as a normal PR and is noted in CHANGELOG.md.
In scope:
secret-guardfailing open — a key-shaped secret that should be blocked slips through commit/push.public-auditmissing a real identity/secret leak it claims to catch before a private→public flip.install.shor the hooks clobbering or mis-wiring a user's existing git config or files.
Known limits (by design — not vulnerabilities):
secret-guardis a prefix backstop, not full DLP. It catches known key shapes (ghp_,AKIA…,sk-…,glpat-, …), not arbitrary secrets like an AWS secret key, a JWT, or a password. A clean pass means "no known key shape found," never "no secret here."- The prose layer (
PRINCIPLES.md,FRAMEWORK.md, the rails) biases an agent; it does not enforce anything — the human is the trigger (see the README's mechanized vs needs-you).
Only the latest main and the most recent tag receive fixes; there is no
back-porting.