Security: LastEld/AMS

Security Policy

Status: Production | Updated: 2026-04-09 | Module: colibri

Colibri takes security seriously. This document explains what is in scope, how to report a vulnerability, and what kind of response to expect.

Project State (Important Context)

Colibri is in the specification phase. Phase 0 bootstrap has not started, and the repository contains zero TypeScript runtime code. The canonical vision lives in docs/colibri-system.md. Any src/ paths you see in the specification are implementation targets, not files that exist today.

This means the current attack surface is intentionally small:

  • The public documentation published to GitHub Pages (static HTML + CSS + one hero JS file with zero runtime dependencies)
  • The Jekyll build pipeline and its remote theme
  • The repository itself (doc integrity, supply-chain exposure via CI workflows)
  • The Obsidian vault sync scripts in temp/ (local utility scripts)

There is no running MCP server, no database, no exposed network service. Once Phase 0 ships the first Colibri TypeScript code, this policy will be revised to cover the runtime surface (MCP transport, better-sqlite3 persistence, Zod validation boundaries, Chevrotain parsers, Merkle proof chain, etc.).

Supported Versions

Version | Supported
main (current) | ✅ Yes
Pre-R73 history | ❌ No — archived donor code (AMS, CogniMesh, Phoenix) that was deleted in R52–R53
Phase 0 pre-releases | N/A — not yet shipped

Colibri currently publishes from main only. There are no tagged releases and no LTS branches. Security fixes land on main and are reflected on GitHub Pages automatically.

Reporting a Vulnerability

Please do not open a public GitHub issue for security reports. Public disclosure can expose other users before a fix is available.

Use one of these private channels instead:

  1. GitHub Private Security Advisories (preferred) — open a private report at https://github.com/LastEld/AMS/security/advisories/new. This is the fastest path and keeps the disclosure coordinated through GitHub.

  2. Direct contact to the maintainer — open a minimal public issue with the title Security contact request (no details) and the maintainer will respond with a private channel.

What to include in a report

  • A clear description of the issue and the surface it affects (Pages site, docs build, a sync script, a CI workflow, a dependency, etc.)
  • Steps to reproduce, or a minimal proof-of-concept
  • The commit SHA or Pages URL where you observed the issue
  • Your assessment of impact (information disclosure, integrity, availability, supply chain, etc.)
  • Whether you plan to disclose publicly, and on what timeline

What NOT to report through this channel

  • Documentation typos, broken links, or factual errors in prose. Open a normal issue or PR.
  • Feature requests. Open a normal issue.
  • Findings in pre-R53 AMS / CogniMesh / Phoenix donor code. That code has been deleted from the repository. Only findings against the current main are in scope.
  • Social engineering of maintainers, physical attacks, or denial-of-service on GitHub Pages infrastructure. Those are out of scope for this project's policy.

Response Expectations

Because Colibri is pre-Phase 0 and maintained by a small team, there is no formal SLA. That said, the maintainer's goal is:

  • Acknowledge a report within a few business days via the channel it came in on.
  • Triage — confirm, reproduce, and classify impact — as the first priority after acknowledgement.
  • Fix in the normal rounds pipeline, with the fix commit explicitly linked to the advisory when it is published.
  • Disclose only after a fix is live on main and GitHub Pages, unless you prefer to coordinate a different timeline.

Credit is given to reporters by default. If you prefer to remain anonymous, tell us in the report.

Scope Reminder

If you're evaluating Colibri and wondering what's worth testing today, the honest answer is:

  • The Pages site at https://lasteld.github.io/AMS/ (static only, one JS file, zero CDN deps post R74.3)
  • The Jekyll build workflow and its pinned remote theme
  • The CI workflow in .github/workflows/ci.yml
  • The dependency footprint of the Jekyll build
  • The sync scripts under temp/ (local utilities; a malicious one could leak files from the repo — see the R74.3.1 post-mortem in the memory index where a wrong robocopy source leaked .env into the Obsidian vault mirror)

Runtime, database, agent orchestration, proof generation, and the MCP tool surface do not exist yet. Security review of those will become meaningful once Phase 0 code lands.


Thank you for helping keep Colibri's small-but-growing surface honest. When Phase 0 ships, this policy will be expanded to cover the runtime.

There aren’t any published security advisories