# Security Policy

## Reporting Vulnerabilities

If you discover a security vulnerability, please report it responsibly:

1. **Do NOT** open a public issue
2. Use the **Security Report** issue template (marked confidential)
3. Or email: amundsonalexa@gmail.com

## Supported Versions

| Version | Supported |
|---------|-----------|
| Latest  | Yes       |

## Security Practices

- All SSH keys are audited regularly
- Secrets are stored in Cloudflare Worker secrets, never in code
- UFW firewall on all exposed nodes
- WireGuard encrypted mesh between all nodes
- Cloudflare Tunnels for external access (no open ports)
- Agent tokens are per-user with minimal required permissions

## Agents

Sentinel (🛡️) automatically reviews all issues and PRs for security implications.

---
*BlackRoad OS — Pave Tomorrow.*