BlogAgent is internal editorial drafting, not autonomous publishing. It produces draft content for a human editor to review — it does not post, publish, or send anything on its own. This policy covers both secrets/configuration security and the safety expectations for generated content.
If you discover a security issue in BlogAgent, please open a private report via GitHub's Security Advisories for this repository rather than filing a public issue. Include:
- a description of the issue and its impact
- steps to reproduce
- the affected file(s) or endpoint(s)
We aim to acknowledge reports within a few days.
BlogAgent reads all credentials from environment variables — never from source files:
- `ANTHROPIC_API_KEY`, `OPENAI_API_KEY`, `GOOGLE_API_KEY` — LLM providers
- `TAVILY_API_KEY` — search provider
- `BLOGAGENT_WORKER_SECRET` — optional shared secret for `/run` endpoints
- `AGENTPULSE_INGEST_KEY` — optional telemetry ingest key
.env.example lists every supported variable with a placeholder value.
Copy it to .env for local development; .env (and any .env.* variant
other than .env.example) is gitignored and must never be committed.
If a key is ever committed or leaked, rotate it immediately at the provider and update your local/deployment environment — do not rely on removing it from git history alone, since the old value must be treated as compromised.
- The default LLM provider is `mock` and the default search provider is `mock` — no API calls and no API keys are required to run the app or test suite.
- Real LLM calls require explicitly setting `BLOGAGENT_LLM_PROVIDER` to a live provider and opting in via `BLOGAGENT_USE_LLM_EDITOR`, `BLOGAGENT_USE_LLM_FACTCHECK`, and/or `BLOGAGENT_USE_LLM_CITATION_JUDGE`.
- BlogAgent never publishes, posts, emails, schedules, or otherwise modifies external systems. Any request containing publishing/posting/sending/scheduling intent is blocked before the article workflow runs (see `check_external_effects` in `CLAUDE.md`).
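As an added illustration of the two controls above (mock-by-default settings that fail closed when a live provider lacks its key, and a pre-workflow gate that refuses requests with external-effect intent), here is example code that is not BlogAgent's own; the provider-to-key mapping and the intent patterns are assumptions, and the gate deliberately lets "write a blog post" through while catching "post it to X":

```python
import os
import re
from dataclasses import dataclass

# Provider -> key-variable mapping is an assumption; the variable names come from the policy.
PROVIDER_KEYS = {"anthropic": "ANTHROPIC_API_KEY", "openai": "OPENAI_API_KEY",
                 "google": "GOOGLE_API_KEY"}
OPT_IN_FLAGS = ("BLOGAGENT_USE_LLM_EDITOR", "BLOGAGENT_USE_LLM_FACTCHECK",
                "BLOGAGENT_USE_LLM_CITATION_JUDGE")

# Constructed intent patterns. Bare "post"/"email" is NOT matched, so "write a
# blog post" or "an article about email security" stays allowed, while
# "post it to X" / "send the draft to Y" count as external side effects.
OBJECT = r"(it|this|that|them|(the|my|our)\s+\w+)"
EXTERNAL_EFFECT_RE = re.compile(
    r"\b(publish|schedule|tweet)\b"
    rf"|\b(post|send|email|mail)\s+{OBJECT}\s+(to|on)\b",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class LLMSettings:
    provider: str
    enabled_steps: frozenset  # which LLM-backed steps were explicitly opted in


def load_llm_settings(env=None) -> LLMSettings:
    """Resolve LLM settings from the environment, defaulting to mock.

    A live provider is accepted only if its key is present, so a missing
    key fails at startup instead of at request time."""
    env = os.environ if env is None else env
    provider = env.get("BLOGAGENT_LLM_PROVIDER", "mock").strip().lower()
    if provider != "mock":
        key = PROVIDER_KEYS.get(provider)
        if key is None:
            raise ValueError(f"unknown LLM provider: {provider}")
        if not env.get(key):
            raise RuntimeError(f"{key} must be set when provider is {provider}")
    on = {"1", "true", "yes"}
    steps = frozenset(f for f in OPT_IN_FLAGS if env.get(f, "").strip().lower() in on)
    return LLMSettings(provider, steps)


def has_external_effect_intent(request: str) -> bool:
    """Pre-workflow gate: True means the request is refused before drafting."""
    return EXTERNAL_EFFECT_RE.search(request) is not None
```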
No API keys are read by or exposed to client-side/browser code. All
provider calls happen server-side. The browser UI (/app) only ever
receives the final article package and run metadata — never raw
credentials.
Every article BlogAgent produces is a draft, regardless of its
publish_ready_status. Generated content requires human review before it
is published, shared, or relied upon — BlogAgent grounds claims in sources and
flags unsupported ones, but it does not guarantee factual correctness and is
not a substitute for editorial judgment.
Financial, legal, medical, and other high-risk topics require conservative handling. For these topics, BlogAgent prefers to under-claim: when evidence is insufficient or confidence is low, the pipeline returns an evidence report (sources and findings, not a polished recommendation) rather than presenting uncertain information as settled advice. Do not treat any BlogAgent output on these topics as financial, legal, or medical advice.
For non-vulnerability concerns (e.g. a draft containing a fabricated source or citation), open an issue in this repository describing the topic and the problematic output — do not include any API keys, tokens, or other secrets in issue text.