Please do NOT open a public GitHub issue for security vulnerabilities.

Instead, report them confidentially:

• Email: luis@salgadoia.com
• Subject: [Sinapsis] Security: <brief description>
• Include: steps to reproduce, affected version, potential impact

We follow responsible disclosure. If you report a vulnerability, we will credit you in the CHANGELOG and release notes (unless you prefer anonymity).

The following areas are in scope for security reports:

• Claude Code platform vulnerabilities — report these to Anthropic
• Vulnerabilities requiring physical access to the machine
• Social engineering attacks against users
• Issues in third-party dependencies (Node.js, Python, bash) — report upstream

• execFileSync / spawnSync used instead of execSync with string concatenation (prevents command injection — [Bug #4, v4.3.1])
• No user-controlled strings passed directly to shell commands
• Inject sanitization: 500-character limit + blocked patterns on instinct injection

• 12-category secret scrubbing in observation pipeline:
  • GitHub tokens (ghp_, gho_, ghs_, ghu_)
  • JWT tokens (eyJ...)
  • AWS keys (AKIA...)
  • Stripe keys (sk_live_, sk_test_, pk_live_, pk_test_)
  • Generic API keys, passwords, connection strings
  • Base64-encoded credentials
• Secrets are redacted before writing to observations.jsonl

• Trigger patterns validated against ReDoS before compilation ([Bug #12, v4.3.1])
• Patterns with nested quantifiers or catastrophic backtracking are rejected
• Maximum pattern length enforced

• Atomic writes: temporary file + rename pattern on all JSON/JSONL data files
• File locking via fcntl.flock (Unix) with graceful fallback on Windows
• Lock files with 1-hour stale detection (dream cycle)
• Restrictive permissions (chmod 600) on all data files containing learned patterns

• Installer detects existing installation and creates timestamped backup
• User data files (_instincts-index.json, _passive-rules.json, _sinapsis-projects.json, _operator-state.json) are preserved on upgrade — never overwritten
• --force-update flag required to explicitly reset data files
• CLAUDE.md is never overwritten if it exists
• settings.json hooks are never overwritten (manual merge documented)

• Observation text sanitized before storage
• Instinct injection limited to 500 characters with blocked shell patterns
• Unicode support in Jaccard similarity (dream cycle duplicate detection)
• Contradiction detection uses 7 opposing keyword pairs (EN+ES) to prevent conflicting instincts

Sinapsis includes 52+ automated tests across 4 test suites. To run security-specific tests:

# Security tests (command injection, ReDoS, secret scrubbing)
bash tests/test-security.sh

# Installation and upgrade safety tests
bash tests/test-install-upgrade.sh

# Dream cycle tests (index integrity, lock files, atomic writes)
bash tests/test-dream.sh

# End-to-end integration tests
bash tests/test-e2e-dream.sh

# Reflection orchestrator tests
bash tests/test-reflection-orchestrator.sh

# Run ALL tests
for f in tests/test-*.sh; do bash "$f"; done

Full audit details in CHANGELOG.md under v4.3.1.

1. Keep Sinapsis updated — run git pull and re-run the installer regularly
2. Review instinct proposals before accepting — use /analyze-session to inspect what the learning engine proposes
3. Don't store secrets in project files — Sinapsis scans for them, but prevention is better than detection
4. Run periodic security audits on your projects — check OWASP Top 10, STRIDE, and supply chain risks
5. Use /dream to maintain index hygiene — removes duplicates, contradictions, and stale patterns