Security: johnolven/smart-cli

SECURITY.md

Security Policy

Supported Versions

Smart CLI is currently in its initial development phase. We are committed to providing security updates for the most recent versions.

Version Supported
1.x.x
< 1.0

Reporting a Vulnerability

We take the security of Smart CLI seriously. If you have discovered a security vulnerability in our project, please follow these steps to report it:

  1. Do not disclose the vulnerability publicly until it has been addressed by our team.
  2. Email your findings to jj.olvera.n@gmail.com. Encrypt your email using our PGP key to ensure confidentiality.
  3. Provide a detailed description of the vulnerability, including:
    • The version of Smart CLI affected
    • Steps to reproduce the issue
    • Potential impact of the vulnerability
    • Any possible mitigations you've identified

What to Expect

  • We will acknowledge receipt of your vulnerability report within 3 business days.
  • We will provide a more detailed response within 10 business days, indicating the next steps in handling your report.
  • We will keep you informed about our progress in addressing the vulnerability.
  • We will notify you when the vulnerability has been fixed and ask you to verify the fix.

Bug Bounty Program

At this time, we do not offer a bug bounty program. We do, however, sincerely appreciate your efforts in responsibly disclosing any security issues.

Security Best Practices for Users

To ensure the security of your Smart CLI installation:

  1. Always use the latest version of Smart CLI.
  2. Keep your API tokens secure and do not share them.
  3. Regularly review the conversations and data stored by Smart CLI.
  4. Use strong, unique passwords for your OpenAI and Anthropic accounts.
  5. Be cautious when using Smart CLI with sensitive information.

Thank you for helping to keep Smart CLI and its users safe!

There aren’t any published security advisories