Security Policy

Scope

In scope:

ccg-router daemon
Local HTTP API
Registry schema and signature verification
Local ledger storage behavior

Out of scope:

Third-party registries published by others
User-provided upstream endpoints
Misconfigured local environments

Reporting

Use GitHub Security Advisories for XZXY-AI/ccg-router.

Expected timeline:

Acknowledgement within 72 hours
Fix or mitigation target within 90 days

Verifying Release Archives

Release archives and checksums.txt are signed with cosign keyless signing from GitHub Actions.

cosign verify-blob \
  --certificate-identity-regexp 'https://github.com/XZXY-AI/ccg-router/.*' \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --signature <archive>.sig <archive>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security

SECURITY.md

Security Policy

Scope

Reporting

Verifying Release Archives

There aren't any published security advisories

Security: XZXY-AI/ccg-router

Security

SECURITY.md

Security Policy

Scope

Reporting

Verifying Release Archives

There aren't any published security advisories