If you discover a security vulnerability in this project, please report it responsibly:
- Do NOT create a public GitHub issue
- Email Ali Shehral directly at shehral.m@northeastern.edu
- Provide a detailed description of the vulnerability
- Allow reasonable time for the issue to be addressed before disclosure
| Version | Supported |
|---|---|
| main | ✅ |
| Others | ❌ |
This project implements several security measures:
- JWT-based authentication with signature validation
- Multi-tenant data isolation
- Per-user rate limiting
- Input validation and sanitization
- Security headers middleware
- Prompt injection defense for LLM inputs
- Secrets management via environment variables
This project depends on several third-party services and libraries. Security updates for dependencies are monitored and applied regularly.
This is a research project and should not be used in production environments handling sensitive data without additional security review.