Security: hah23255/claude-code-security-toolkit

SECURITY.md

Security Policy

Purpose

This repository contains security tools designed to protect user systems from unauthorized Claude Code CLI operations. The toolkit itself must be maintained securely.

Supported Versions

Version Supported
1.0.x

Reporting Vulnerabilities

DO NOT open public issues for security vulnerabilities

If you discover a security vulnerability in this toolkit:

  1. Contact the repository owner directly via private channels
  2. Provide detailed information:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if available)
  3. Allow time for patching before any public disclosure
  4. Coordinated disclosure will be arranged if appropriate

Security Considerations

Protecting This Repository

  • Keep the repository private - Contains security configurations specific to your systems
  • Protect configuration files - Never commit actual security-config.json or storage-rules.json with real paths
  • Audit commit history - Review all changes before pushing
  • Use branch protection - Require reviews for merges to main

Using the Toolkit Securely

  1. Review all code before deploying hooks
  2. Test in an isolated environment first
  3. Back up existing configurations before installation
  4. Monitor audit logs regularly
  5. Update security patterns as new threats emerge

Known Limitations

  • Hooks operate at tool invocation level - cannot inspect Claude's internal reasoning
  • Rate limiting is per-tool, not per-operation-type
  • File integrity monitoring requires manual baseline creation
  • Symbolic link resolution has OS dependencies

Responsible Disclosure

If you discover issues with:

  • Claude Code CLI itself → Report to Anthropic
  • This security toolkit → Report to repository owner (private)
  • Security gaps in patterns → Contribute improvements via pull request

Updates and Patches

Security updates will be tagged with version numbers:

  • Patch (1.0.x): Bug fixes, pattern updates
  • Minor (1.x.0): New features, expanded coverage
  • Major (x.0.0): Breaking changes, architecture updates

Audit Trail

All security-related changes to this toolkit should be:

  1. Documented in commit messages
  2. Reviewed before merging
  3. Tested thoroughly
  4. Noted in CHANGELOG.md

There aren’t any published security advisories