Please do not open public issues for security-sensitive bugs. Send a private report to the maintainers with:

• affected version
• reproduction steps
• impact assessment
• any suggested fix or mitigation

Until a dedicated security contact is established, use a private fork or security advisory workflow for initial disclosure.

SecureMCP-Lite is intended to reduce risk from unsafe MCP tool usage, not to replace operating system sandboxing, container isolation, network policy, or application-level authentication.

The most important security boundaries are:

• policy-denied requests must not reach the target server
• malformed client input must not be forwarded upstream
• proxy logs should stay on stderr and must not corrupt JSON-RPC traffic on stdout
• unexpected target failures should not leave pending client requests hanging silently

Only the latest minor release in the 0.x line should be considered supported for fixes.

• Policy bypasses are treated as critical issues.
• Logging leaks of sensitive arguments are treated as high severity.
• Denial-of-service issues in the stdio proxy path are in scope.
• Supply-chain issues in direct dependencies should be reported with version and advisory details.
• Bugs that cause the proxy to silently allow denied tool calls are release-blocking.
• Bugs that cause the proxy to emit malformed JSON-RPC responses are high severity.

• Keep logging.includeArguments disabled unless you explicitly need it for local debugging.
• Treat regex policy files as code. Review them like code.
• SecureMCP-Lite should be layered with normal OS permissions and sandboxing, not used as the only line of defense.