dotbabel

Security Policy

Supported Versions

Version	Supported
0.2.x	:white_check_mark:
< 0.2	:x:

Reporting a Vulnerability

If you discover a security vulnerability in this project, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please use one of these methods:

1. GitHub Private Vulnerability Reporting — Use the “Report a vulnerability” button on the Security Advisories page.
2. Email — Contact the maintainer directly at the email listed on the GitHub profile.

What to include

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

Response timeline

• Acknowledgment: within 48 hours
• Initial assessment: within 1 week
• Fix or mitigation: best effort, typically within 2 weeks for critical issues

Scope

This policy covers:

• The @dotbabel/dotbabel npm package (everything under plugins/dotbabel/)
• Shell scripts (bootstrap.sh, sync.sh)
• CI workflow templates generated by dotbabel-init
• The settings validator (validate-settings.sh)

Personal dotfiles (CLAUDE.md, commands/, skills/) are provided as-is and are not in scope for security fixes.

Threat model

Three areas receive explicit attention:

1. Bootstrap symlink trust. bootstrap.sh:19-36 replaces real files in ~/.claude/ with symlinks into the repo checkout. A compromised checkout could therefore redirect Claude Code’s view of commands/skills. Mitigation: Only symlink from checkouts you trust.
2. Destructive-git defense-in-depth. The PreToolUse hook at plugins/dotbabel/hooks/guard-destructive-git.sh blocks git reset --hard, git push --force, git clean -f*, git branch -D, and related calls. The hook is a safety net, not an access-control boundary — users can still alias destructive calls around the match. BYPASS_DESTRUCTIVE_GIT=1 exists as the documented escape.
3. Workflow secret handling. plugins/dotbabel/templates/workflows/ai-review.yml:19 gates the AI-review action on github.event.pull_request.head.repo.full_name == github.repository — same-repo PRs only, never forks. This prevents a malicious fork PR from exfiltrating the ANTHROPIC_API_KEY secret.

Supply chain

• Zero runtime dependencies in package.json. New runtime deps require an ADR.
• npm publish --provenance records the build environment; consumers can verify via the npmjs.com provenance UI.
• 2FA is enabled on the publisher account.

This site is open source. Improve this page.