Skip to content

Security: Cryptoteep/gitquill

Security

SECURITY.md

Security Policy

Supported versions

gitquill is pre-1.0 software. We security-fix the latest released version only.

Version Supported
0.1.x

Reporting a vulnerability

Please do not open a public GitHub issue for security problems.

Instead, email cryptoteep@users.noreply.github.com with:

  • a description of the issue and its impact
  • steps to reproduce
  • any mitigations you have identified

We will acknowledge within 72 hours and aim to ship a fix or mitigation within 30 days. Coordinated disclosure is very welcome.

Hardening notes

  • gitquill stores configuration at ~/.gitquill/config.json. This file may contain an API key. Ensure the file is chmod 600 and never commit it.
  • The default provider is a local Ollama instance — no data leaves your machine unless you explicitly switch presets.
  • When using a cloud provider, diffs and commit messages are sent to that provider. Do not use cloud presets for repositories containing secrets.
  • gitquill truncates staged diffs larger than 20 000 characters before sending them to the model, as a coarse leak-reduction measure.

There aren't any published security advisories