We take security seriously at Hexaxia Technologies.

If you discover a security vulnerability in HexOps, please report it responsibly:

1. Do not open a public GitHub issue for security vulnerabilities
2. Use GitHub Security Advisories to report privately
3. Include as much detail as possible:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (if any)

• We will acknowledge receipt within 48 hours
• We will provide an initial assessment within 7 days
• We will work with you to understand and resolve the issue
• Once fixed, we will publicly acknowledge your contribution (unless you prefer to remain anonymous)

HexOps runs locally on your machine. Security considerations include:

• Local file access: HexOps reads/writes to configured project directories
• Shell execution: The integrated terminal runs commands with your user permissions
• Network requests: Limited to configured integrations (Vercel API, package registries)

Since HexOps is a local development tool (not a web service), typical web vulnerabilities (XSS, CSRF, etc.) have limited impact. However, we still want to know about any issues that could compromise a developer's local environment.

When using HexOps:

• Keep your hexops.config.json private (it's in .gitignore by default)
• Don't expose HexOps to external networks
• Review package updates before applying them in bulk