# Security

AITuner launches local or remote serving engines and may replay trace payloads.
Do not commit secrets, API keys, private trace content, or private model access
tokens.

## Reporting

Report security issues privately to the project maintainers. If this repository
is mirrored to a public forge, use that forge's private vulnerability reporting
flow when available.

## Operational Guidance

- Keep `.env` files local; `.env.example` documents expected variable names.
- Review generated trial artifacts before publishing them, because request
  payloads may contain trace text.
- Treat remote execution configs as sensitive when they include internal host
  names, paths, or scheduler details.