Security Policy
CodeSight is a defensive security tool. Policy for the tool itself below.
Reporting Vulnerabilities
Found a security vulnerability in CodeSight? Do not open a public issue.
Email AvixoSec@gmail.com with:
- Description of the vulnerability
- Steps to reproduce
- Impact assessment
- Suggested fix (if any)
Response within 48 hours, coordinated disclosure.
Scope
CodeSight is strictly a defensive cybersecurity tool:
- Does not execute untrusted code
- Does not exfiltrate data
- No offensive capabilities
Data Handling
- API keys stored locally in
~/.codesight/config.json - Source code goes only to the configured LLM provider API
- No telemetry, no analytics, no phone-home
- Ollama mode keeps everything on your machine - zero network calls
Supported Versions
| Version | Supported |
|---|---|
| 0.3.x | Yes |
| 0.2.x | No - please upgrade |
| 0.1.x | No - please upgrade |