Security Policy

We take security seriously. Learn how to report vulnerabilities and our commitment to protecting your projects.

Supported Versions

Version            Status
0.99.x (current)   Supported
0.98.x             Supported
< 0.98             Not supported

Report a Vulnerability

If you discover a security vulnerability, please report it responsibly using the form below. We'll acknowledge your report within 24 hours.

By submitting this form, you agree to responsible disclosure practices.

What to Expect

Timeline   Action
24 hours   Acknowledgment of report received
72 hours   Initial assessment and severity rating
7 days     Progress update or fix timeline
30 days    Resolution for critical/high issues
90 days    Resolution for medium/low issues

Scope

In Scope

  • Neural Commander CLI (nc binary)
  • NC Daemon and API server
  • NC Desktop application
  • Configuration file handling
  • Session persistence mechanisms
  • File system operations

Out of Scope

  • Third-party dependencies (report to upstream)
  • Issues requiring physical access
  • Social engineering attacks
  • DoS via excessive API calls

Security Best Practices

For Users

  1. Keep NC Updated — Always use the latest version
  2. Secure API — Use --api-key for production
  3. File Permissions — Restrict access to ~/.neural-commander/
  4. Review CLAUDE.md — Audit AI directives before running

For Developers

  1. Never commit secrets — Use environment variables
  2. Validate inputs — Sanitize file paths and user input
  3. Limit file access — Stay within project boundaries
  4. Audit dependencies — Run go mod verify regularly
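Rules 2 and 3 above (sanitize file paths, stay within project boundaries) are really one check: every path a caller supplies must be mapped onto the project root and rejected if it lands anywhere else. The Go function below is an added example written for this page, not Neural Commander's own code; the names ResolveInProject, ErrOutsideProject and the sample project layout its main builds are assumptions. It goes beyond a plain ".." check by also resolving symlinks on the part of the path that already exists, which is what catches a link inside the project that points outside it.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideProject is returned for any requested path that would land
// outside the project root, whether by "..", by an absolute path, or by a
// symlink that points out of the project.
var ErrOutsideProject = errors.New("path escapes project root")

// ResolveInProject maps an untrusted, project-relative path (for example one
// taken from an API request) onto the real filesystem path inside root.
// It rejects absolute paths, lexical escapes via "..", and symlinks whose
// target lies outside the project. The returned path has all symlinks
// resolved, so callers can open it without re-checking.
func ResolveInProject(root, untrusted string) (string, error) {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	if realRoot, err = filepath.Abs(realRoot); err != nil {
		return "", err
	}
	if filepath.IsAbs(untrusted) {
		return "", ErrOutsideProject
	}
	// Join cleans the result, so "src/../../x" becomes "<parent>/x" here and
	// fails the lexical check below instead of being silently rewritten.
	candidate := filepath.Join(realRoot, untrusted)
	if !within(realRoot, candidate) {
		return "", ErrOutsideProject
	}
	// The lexical check says nothing about symlinks, so resolve them on the
	// longest existing prefix (the target itself may not exist yet for writes).
	resolved, err := resolveExistingPrefix(candidate)
	if err != nil {
		return "", err
	}
	if !within(realRoot, resolved) {
		return "", ErrOutsideProject
	}
	return resolved, nil
}

// within reports whether p is root itself or lies beneath it.
func within(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return false
	}
	return rel == "." || (rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)))
}

// resolveExistingPrefix evaluates symlinks in the part of p that exists on
// disk and re-appends the not-yet-existing tail unchanged.
func resolveExistingPrefix(p string) (string, error) {
	existing, tail := p, []string{}
	for {
		_, err := os.Lstat(existing)
		if err == nil {
			break
		}
		if !errors.Is(err, os.ErrNotExist) {
			return "", err
		}
		parent := filepath.Dir(existing)
		if parent == existing {
			return "", fmt.Errorf("no existing ancestor for %s", p)
		}
		tail = append([]string{filepath.Base(existing)}, tail...)
		existing = parent
	}
	real, err := filepath.EvalSymlinks(existing)
	if err != nil {
		return "", err
	}
	return filepath.Join(append([]string{real}, tail...)...), nil
}

func main() {
	// Constructed sample project: one source file plus a symlink that points
	// outside the project, the case a purely lexical check misses.
	root, _ := os.MkdirTemp("", "nc-project-")
	outside, _ := os.MkdirTemp("", "nc-outside-")
	defer os.RemoveAll(root)
	defer os.RemoveAll(outside)
	os.MkdirAll(filepath.Join(root, "src"), 0o755)
	os.WriteFile(filepath.Join(root, "src", "main.go"), []byte("package main\n"), 0o644)
	os.Symlink(outside, filepath.Join(root, "escape"))

	for _, req := range []string{"src/main.go", "newdir/notyet.txt", "../etc/passwd", "/etc/passwd", "escape/secret.txt"} {
		p, err := ResolveInProject(root, req)
		if err != nil {
			fmt.Printf("%-20s rejected: %v\n", req, err)
			continue
		}
		fmt.Printf("%-20s -> %s\n", req, p)
	}
}
```

The order of the two checks matters: the lexical check keeps the symlink resolution from ever touching a path outside the root, and the post-resolution check catches links that the lexical pass could not see. Callers should open only the returned path, never the original request string.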

Security Considerations

Local File Access

NC reads and writes files within project directories. The daemon monitors file system changes. This is expected behavior for project health scanning.

AI Guardrails

NC generates AI directives (CLAUDE.md) that are injected into AI assistant context. These are text-based safety rules, not executable code.

Session Persistence

NC stores session data in ~/.neural-commander/sessions/. This may contain project context and file paths. Protect this directory with appropriate permissions.
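What "appropriate permissions" means in practice is that nothing in ~/.neural-commander/sessions/ is readable by group or others, and that the directory is a real directory rather than a symlink someone else could have planted. The following Go function is an added example written for this page, not Neural Commander's code; the name CheckPrivateDir and its fix flag are assumptions. It reports a weak mode, and when asked to fix it, creates or tightens the directory to 0700.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// CheckPrivateDir verifies that dir exists, is a real directory (not a
// symlink), and grants no group/other access. With fix=false a weak mode is
// reported as an error; with fix=true a missing directory is created and a
// weak mode is tightened to 0700. The mode found before any fix is returned
// so callers can log what they changed.
func CheckPrivateDir(dir string, fix bool) (os.FileMode, error) {
	info, err := os.Lstat(dir)
	if err != nil && os.IsNotExist(err) {
		if !fix {
			return 0, fmt.Errorf("%s does not exist", dir)
		}
		if err := os.MkdirAll(dir, 0o700); err != nil {
			return 0, err
		}
		// MkdirAll applies the umask; force the exact mode we want.
		if err := os.Chmod(dir, 0o700); err != nil {
			return 0, err
		}
		info, err = os.Lstat(dir)
	}
	if err != nil {
		return 0, err
	}
	// Lstat does not follow links, so a symlink shows up here rather than
	// as whatever it points at.
	if info.Mode()&os.ModeSymlink != 0 {
		return info.Mode(), fmt.Errorf("%s is a symlink; refusing to use it", dir)
	}
	if !info.IsDir() {
		return info.Mode(), fmt.Errorf("%s is not a directory", dir)
	}
	perm := info.Mode().Perm()
	if perm&0o077 == 0 {
		return perm, nil
	}
	if !fix {
		return perm, fmt.Errorf("%s has mode %04o; group/other access should be removed", dir, perm)
	}
	return perm, os.Chmod(dir, 0o700)
}

func main() {
	// Constructed example: a sessions directory deliberately created with a
	// world-readable mode, checked once in report mode and once in fix mode.
	base, _ := os.MkdirTemp("", "nc-home-")
	defer os.RemoveAll(base)
	sessions := filepath.Join(base, "sessions")
	os.MkdirAll(sessions, 0o755)
	os.Chmod(sessions, 0o755)

	if _, err := CheckPrivateDir(sessions, false); err != nil {
		fmt.Println("report:", err)
	}
	before, err := CheckPrivateDir(sessions, true)
	fmt.Printf("fixed: was %04o, err=%v\n", before, err)
	if _, err := CheckPrivateDir(sessions, false); err == nil {
		fmt.Println("report: ok")
	}
}
```

Run this at daemon start-up (report mode) and during installation or first run (fix mode); tightening the mode silently at every start would hide the fact that something loosened it.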

Questions?

For security questions or concerns not related to vulnerability reports:

Contact Us

This policy follows RFC 9116 guidelines.

Referral Program

Refer a Dev Friend, Earn Free Months

Know a developer who'd love Neural Commander? Send them an invite and earn Pro credits when they sign up.

Friend starts trial = 1 month free
Friend goes Pro monthly = +1 month free
Friend goes Pro annual = +2 months free
Friend joins Community Edition = 10,000 GIVEKUDOS tokens

Credits stack! Refer multiple friends for even more rewards. Add your Counterparty address to receive GIVEKUDOS tokens.
