If you discover a security vulnerability, please report it responsibly:
- Do NOT open a public issue
- Email the maintainers directly (or use GitHub's private vulnerability reporting)
- Include details about the vulnerability
- Allow reasonable time for a fix before disclosure
| Version | Supported |
|---|---|
| 0.2.x | Yes |
| 0.2.0-beta.x | Yes, until v0.2.0 GA is published |
| 0.1.x | Security fixes only when practical |
engram stores data locally. Users should:
- Protect the
~/.engramdirectory - Be cautious about what data is indexed
- Review MCP tool permissions
- Pre-warm embeddings if first-run network access is not acceptable:
engram warmup embeddings