From cdf322602f66a4c688e58b8d7aa113ee459d3e44 Mon Sep 17 00:00:00 2001 From: mkelvers Date: Sun, 21 Jun 2026 16:52:19 +0200 Subject: [PATCH] docs: wrap security policy prose --- SECURITY.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 69c4a5b..5426b2d 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -18,8 +18,8 @@ Report security concerns privately to the repository maintainer. Include as much - the potential impact; - any suggested fix or mitigation, if you have one. -You can expect a best-effort response acknowledging the report, followed by validation and a fix when -the issue is reproducible and in scope. +You can expect a best-effort response acknowledging the report, followed by validation and a fix +when the issue is reproducible and in scope. ## Security Scope @@ -48,17 +48,17 @@ The following are generally out of scope unless they expose a direct application ## Operational Notes This application is designed to be self-hosted and local-first. If you deploy it beyond a private -local environment, you are responsible for the surrounding production controls, including TLS, network -access, backups, secrets management, reverse proxy configuration, logging retention, and dependency -monitoring. +local environment, you are responsible for the surrounding production controls, including TLS, +network access, backups, secrets management, reverse proxy configuration, logging retention, and +dependency monitoring. Use a strong `PLAYBACK_PROXY_SECRET` if playback proxy token signing is enabled. Do not commit real secrets, provider tokens, session data, or production databases to the repository. ## Dependency Security -Dependencies are managed through Go modules and Bun. When updating dependencies, run the normal local -checks before merging: +Dependencies are managed through Go modules and Bun. When updating dependencies, run the normal +local checks before merging: ```bash just check
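Review bot: The commit message ("docs: wrap security policy prose") does not say which line width the prose is wrapped to or what produced the wrapping, and that applies from the first hunk (@@ -18,8 +18,8) onward. The moved words ("when", "network", "dependency", "local") suggest the removed lines ran just past 100 columns, but the limit is never stated. Please name the width in the commit body. If a formatter produced this, commit or reference its configuration so the next edit to SECURITY.md does not drift back.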
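Review bot: In the second hunk (@@ -48,17 +48,17), the unchanged context line "Use a strong `PLAYBACK_PROXY_SECRET` if playback proxy token signing is enabled." leaves "strong" undefined, so a deployer has nothing to measure a chosen value against. Since the Operational Notes paragraph is being touched anyway, consider a follow-up that states a minimum length and that the value should be randomly generated, and that says what happens when signing is enabled but the variable is unset. The rewrap itself only moves "network" and "dependency" to the following lines and looks fine.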