docs: prepare repository for open-source collaboration

2026-04-15 12:34:46 +08:00 · 2026-03-09 15:07:30 +08:00
parent f8bd942b6f
commit 984766e85e
9 changed files with 451 additions and 1 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,35 @@
+# Security Policy
+
+## Supported Versions
+
+This project is currently maintained on the `main` branch only.
+
+| Version | Supported |
+| ------- | --------- |
+| main    | ✅        |
+
+## Reporting a Vulnerability
+
+If you discover a security issue, please report it privately first.
+
+Preferred channels:
+
+1. Open a private security advisory in GitHub (if enabled).
+2. If private advisory is not available, open an issue with minimal details and
+   request a private follow-up from maintainers.
+
+Please include:
+
+- A clear description of the vulnerability
+- Affected files/endpoints/flows
+- Reproduction steps or proof of concept
+- Potential impact
+- Suggested remediation (if available)
+
+## Response Expectations
+
+- Initial triage target: within 3 business days
+- Status update target: within 7 business days
+- Fix timeline depends on severity and release constraints
+
+We will coordinate disclosure timing after remediation is available.