Security

If you believe you have found a security vulnerability in CapaKit, please report it privately.

Do not open a public GitHub issue for vulnerabilities, suspected sandbox escapes, secret exposure, package integrity issues, or unauthorized workload access.

Report a Vulnerability

Email: security@capakit.com

Please include:

  • affected CapaKit CLI version
  • macOS version and CPU architecture
  • short impact summary
  • minimal reproduction steps
  • relevant logs with secrets removed
  • whether the issue involves secrets, sandbox isolation, network isolation, package integrity, or workload access

Do not send real API keys, production tokens, private customer data, or private Kit source unless we explicitly ask for it.

Supported Versions

During public alpha, only the latest published CapaKit CLI version is supported for security fixes.

Before reporting, please update to the latest CLI version when possible. To check the version you have installed:

capakit --version

What To Report Privately

Report security-sensitive issues privately when they involve:

  • access to undeclared files, mounts, secrets, or environment data
  • workload sandbox escape
  • bypassing workload-to-workload connection policy
  • unauthorized access to Kit secrets or vault secrets
  • package, installer, or update integrity issues
  • sensitive data appearing in logs or generated files
  • cross-Kit or cross-workload isolation failures

Non-Security Bugs

For regular bugs, installer problems, docs issues, or confusing behavior, open a public issue:

https://github.com/capakit/cli/issues