Rewrite the README around purpose, architecture, quickstart, and status. Add contributing/security policies plus a docs index with audience front matter across existing docs.
1.8 KiB
Security Policy
Supported versions
member-console is pre-production and under active development. Security fixes
are applied to the main branch only; there are no separately maintained release
branches yet.
Reporting a vulnerability
Please do not report security vulnerabilities through public issues, pull requests, or discussions.
Instead, report them privately so we can assess and fix the issue before it is publicly disclosed.
- Preferred: email security@wiki.cafe (placeholder — confirm the real address) with a description of the issue and, if possible, steps to reproduce.
- Alternatively, contact the maintainers privately through git.coopcloud.tech/wiki-cafe.
Please include:
- a description of the vulnerability and its potential impact,
- steps to reproduce or a proof of concept,
- any affected versions, configuration, or components (for example, the operator panel, the Stripe webhook pipeline, or a provider integration).
What to expect
- We will acknowledge your report as soon as we are able.
- We will investigate, keep you informed of progress, and let you know when a fix is available.
- We will credit reporters who wish to be named once a fix has shipped, unless you prefer to remain anonymous.
Scope
Because this is a self-hostable application, some risk depends on how a given
deployment is configured. Reports that involve the code in this repository — the
member console, its operator/member surfaces, its webhook and workflow
processing, or the provider-extension contract — are in scope. The test stack
under test/ ships with deliberately non-secret development
credentials; those are not vulnerabilities.