ArkheionX LOCAL REVIEW INFRASTRUCTURE Source

Security policy

Use only with authorization.

ArkheionX is defensive review infrastructure. Repository access and testing scope must be explicitly authorized.

Operating boundary

  • Use ArkheionX only on repositories and systems you are authorized to review.
  • Keep the default workflow local. Do not add production credentials or sensitive target configuration.
  • Do not use generated artifacts to justify unsafe interaction with deployed systems.
  • No exploit automation is part of the public website installer or default review workflow.

Reporting a security issue

Do not place sensitive vulnerability details in a public issue when disclosure could create risk. Prefer a private GitHub Security Advisory for the repository. Include the affected commit, a minimal reproduction, impact reasoning, and any temporary mitigation you have identified.

General bugs and documentation defects that carry no sensitive security detail may use the public issue tracker.

No security verdict

ArkheionX does not guarantee discovery, confirm a vulnerability, prove a protocol safe, or assign final severity. A clean run is not a security conclusion. A generated signal is not a validated finding.