# Security Policy

## Reporting Vulnerabilities

If you find a security vulnerability in BlackRoad OS:

1. **Do NOT open a public issue**
2. Use the **Security Report** issue template (marked confidential)
3. Or contact: amundsonalexa@gmail.com

## Supported Versions

| Component | Version | Supported |
|-----------|---------|-----------|
| Gitea | 1.25.4 | ✅ |
| Cloudflare Workers | Latest | ✅ |
| Node.js | 20 LTS | ✅ |
| Python | 3.12+ | ✅ |

## Security Measures

- All nodes behind Cloudflare tunnels (no exposed ports)
- WireGuard mesh encryption (10.8.0.x)
- SSH key authentication only (no passwords)
- UFW firewall on Lucidia
- Sentinel agent monitors for anomalies
- Security scan CI on all repos
- HMAC webhook signatures

## Agent Security Team

🛡️ **Sentinel** automatically reviews all security-labeled issues.

---
*BlackRoad OS — Pave Tomorrow.*