COGMINT is under active development. Only the latest minor release on main receives security fixes.

Please do not open a public issue for security reports.

Use one of the following private channels:

1. Open a private security advisory on this repository.
2. Or, contact the maintainer directly through their GitHub profile: @RealThanhNguyxn.

When reporting, please include:

• A clear description of the issue
• Steps to reproduce or a proof-of-concept
• Affected version, OS, and runtime details
• Any relevant logs or screenshots (with secrets redacted)

You will receive an acknowledgement within a reasonable timeframe. We will work with you to confirm the issue, prepare a fix, and coordinate disclosure.

In scope:

• The COGMINT application code in this repository
• Distribution scripts under scripts/distribution/
• Plugin entry under .claude-plugin/

Out of scope:

• Third-party dependencies (please report upstream)
• The Claude Code CLI itself (report to Anthropic)
• Issues requiring an already-compromised local machine

Good-faith research conducted under this policy is welcome. We will not pursue or support legal action against researchers who follow this policy.