mancitrus/system-prompts-and-models-of-ai-tools
1
0
Fork 0
mirror of https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools.git synced 2026-06-17 23:09:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
b819a4ac59
system-prompts-and-models-o.../dealix/SECURITY.md
Sami Assiri f79c69ff25 ci(dealix): root GitHub workflows, ai-company track, full Dealix API tree 
Made-with: Cursor
2026-05-01 14:03:52 +03:00

75 lines
2.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Security Policy | سياسة الأمن
## 🛡️ Supported versions
| Version | Supported |
| ------- | --------- |
| 2.x | ✅ |
| 1.x | ❌ (EOL) |
## 🐛 Reporting a vulnerability
**Please do NOT open a public issue for security vulnerabilities.**
Instead, report them privately via:
- **Email**: security@ai-company.sa
- **GitHub Security Advisories**: [Open a private advisory](../../security/advisories/new)
Include:
1. A description of the vulnerability.
2. Steps to reproduce.
3. Potential impact.
4. Any suggested fixes.
We aim to acknowledge within **48 hours** and provide a resolution timeline within **7 days**.
## 🔒 Security features in this project
- **Config**: all secrets loaded from `.env` via `pydantic-settings` with `SecretStr`.
- **Secret scanning**: `gitleaks` + `detect-secrets` + `trufflehog` in pre-commit AND CI.
- **Dependency scanning**: Dependabot weekly + `bandit` Python security linter.
- **Docker**: non-root user, multi-stage build, minimal base image.
- **Webhooks**: HMAC-SHA256 signature verification (WhatsApp).
- **LinkedIn integration**: disabled by default (ToS compliance).
## 🔑 Key rotation guidance
If you believe a key has been exposed:
1. **Immediately** rotate the key in the provider's dashboard:
- Anthropic Console → API Keys → regenerate
- DeepSeek, Groq, GLM, Google, OpenAI: regenerate in respective consoles
- HubSpot, Resend, SendGrid: regenerate
- WhatsApp Business: regenerate access token
2. Update `.env` with the new key.
3. Redeploy.
4. Check GitHub → Settings → Secret scanning alerts.
5. Run `gitleaks detect --source . --report-format json` to scan history.
## ✅ Pre-commit checklist for maintainers
Before merging any PR:
- [ ] `gitleaks` pre-commit hook passed
- [ ] No new files in `.env*` except `.env.example`
- [ ] No new domain-specific secrets in `core/` or `integrations/`
- [ ] All new integrations use `settings.*_api_key.get_secret_value()` pattern
---
## 🇸🇦 بالعربية
### الإبلاغ عن ثغرات
**لا تفتح issue عام للثغرات الأمنية.** أرسل إلى: **security@ai-company.sa**
نهدف للرد خلال ٤٨ ساعة وتقديم جدول زمني للحل خلال ٧ أيام.
### تدوير المفاتيح
إذا تسرّب مفتاح:
1. **فوراً** دوّر المفتاح من لوحة المزود.
2. حدّث `.env`.
3. أعد النشر.
4. افحص تنبيهات GitHub secret scanning.
Reference in New Issue View Git Blame Copy Permalink