Skip to content

Security: OndCo/CAVA

Security

SECURITY.md

Security Policy

Please do not disclose security issues in public GitHub issues.

Report suspected vulnerabilities or unsafe governance behavior to:

jw@nd.im

Include:

  • affected package and version;
  • minimal reproduction steps;
  • expected vs. observed behavior;
  • whether the issue affects receipt verification, approval binding, parser-pack decomposition, or action fingerprinting.

This repository does not include OSuite Studio's managed runtime, customer connectors, enterprise signers, or hosted evidence services.

There aren't any published security advisories