MokoConsulting/MokoCassiopeia
1
1
Fork 0
Code Issues 2 Pull Requests Actions Packages Releases 1 Activity

Governance Update

Browse Source
This commit is contained in:
Jonathan Miller
2025-12-18 18:42:30 -06:00
parent 0ea9392e62
commit 2f4b184d88
4 changed files with 446 additions and 258 deletions
Download Patch File Download Diff File Expand all files Collapse all files

137
CODE_OF_CONDUCT.md
View File

@@ -1,87 +1,110 @@
<!-- Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech> <!--
Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
This file is part of a Moko Consulting project. This file is part of a Moko Consulting project.
SPDX-LICENSE-IDENTIFIER: GPL-3.0-or-later SPDX-License-Identifier: GPL-3.0-or-later
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the IMPLIED WARRANTY of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License (./LICENSE.md). You should have received a copy of the GNU General Public License (./LICENSE.md).
# FILE INFORMATION # FILE INFORMATION
DEFGROUP: DEFGROUP: Joomla.Template
INGROUP: Project.Documentation INGROUP: Moko-Cassiopeia.Governance
REPO: REPO: https://github.com/mokoconsulting-tech/moko-cassiopeia
VERSION: 00.00.01 FILE: CODE_OF_CONDUCT.md
PATH: ./CODE_OF_CONDUCT.md VERSION: 03.05.00
BRIEF: Reference + packaging repo for Moko Consulting Developer GPT Other Default BRIEF: Contributor code of conduct for the Moko-Cassiopeia project.
PATH: /CODE_OF_CONDUCT.md
NOTE: This document defines behavioral expectations and enforcement processes.
--> -->
# Code of Conduct
## 1. Purpose ## Code of Conduct
The purpose of this Code of Conduct is to ensure a safe, inclusive, and respectful environment for all contributors and participants in Moko Consulting projects. This applies to all interactions, whether in repositories, issue trackers, documentation, meetings, or community spaces. This Code of Conduct establishes expectations for behavior within the Moko-Cassiopeia project community. The objective is to maintain a professional, inclusive, and respectful environment aligned with open source governance best practices.
## 2. Our Standards ## Scope
Participants are expected to uphold behaviors that strengthen our community, including: This Code of Conduct applies to all project spaces, including:
Demonstrating empathy and respect toward others. * GitHub repositories, issues, pull requests, discussions, and security advisories.
Being inclusive of diverse viewpoints and backgrounds. * Project documentation, workflows, and release processes.
Gracefully accepting constructive feedback. * Any communication channels officially associated with the project.
Prioritizing collaboration over conflict.
Showing professionalism in all interactions.
### Unacceptable behavior includes: ## Our Standards
Harassment, discrimination, or derogatory comments. Participants are expected to:
Threatening or violent language or actions.
Disruptive, aggressive, or intentionally harmful behavior.
Publishing others private information without permission.
Any behavior that violates applicable laws.
## 3. Responsibilities of Maintainers * Communicate professionally and respectfully.
* Provide constructive feedback focused on technical merit and project objectives.
* Respect differing viewpoints, experience levels, and backgrounds.
* Follow documented contribution, security, and governance policies.
Maintainers are responsible for: Unacceptable behavior includes:
Clarifying acceptable behavior. * Harassment, discrimination, or exclusionary conduct.
Taking appropriate corrective action when unacceptable behavior occurs. * Personal attacks, insults, or inflammatory comments.
Removing, editing, or rejecting contributions that violate this Code. * Publishing private information without consent.
Temporarily or permanently banning contributors who engage in repeated or severe violations. * Disruptive behavior that materially interferes with project operations.
## 4. Scope ## Enforcement Responsibilities
This Code applies to: Project maintainers are responsible for:
All Moko Consulting repositories. * Clarifying standards when questions arise.
All documentation and collaboration platforms. * Taking appropriate and proportionate corrective action when violations occur.
Public and private communication related to project activities. * Maintaining confidentiality to the extent practical during investigations.
Any representation of Moko Consulting in online or offline spaces.
## 5. Enforcement ## Reporting
Instances of misconduct may be reported to: Instances of abusive, harassing, or otherwise unacceptable behavior may be reported through:
**[hello@mokoconsulting.tech](mailto:hello@mokoconsulting.tech)**
All reports will be reviewed and investigated promptly and fairly. Maintainers are obligated to maintain confidentiality where possible. * Email: `hello@mokoconsulting.tech` with subject `CODE OF CONDUCT: Moko-Cassiopeia`.
Consequences may include: Reports should include relevant context, links, screenshots, or other supporting information.
A warning. ## Enforcement Guidelines
Required training or mediation.
Temporary or permanent bans.
Escalation to legal authorities when required.
## 6. Acknowledgements Corrective actions may include, but are not limited to:
This Code of Conduct is inspired by widely adopted community guidelines, including the Contributor Covenant and major open-source collaboration standards. * Private warning or request for corrective action.
* Temporary or permanent restriction from project participation.
* Removal of content that violates this Code of Conduct.
## 7. Related Documents Decisions are made based on impact, severity, and pattern of behavior.
[Governance Guide](./docs-governance.md) ## No Retaliation
[Contributor Guide](./docs-contributing.md)
[Documentation Index](./docs-index.md)
This Code of Conduct is a living document and may be updated following the established Change Management process. Retaliation against individuals who report concerns in good faith is not tolerated. Any retaliatory behavior will be treated as a separate violation.
## Jurisdiction
This project is managed from Tennessee, USA. This statement is informational and does not constitute legal advice.
---
## Metadata
* **Document:** CODE_OF_CONDUCT.md
* **Repository:** [https://github.com/mokoconsulting-tech/moko-cassiopeia](https://github.com/mokoconsulting-tech/moko-cassiopeia)
* **Path:** /CODE_OF_CONDUCT.md
* **Owner:** Moko Consulting
* **Version:** 03.05.00
* **Status:** Active
* **Effective Date:** 2025-12-18
* **Last Reviewed:** 2025-12-18
## Revision History
| Date | Change Summary | Author |
| ---------- | ----------------------------------------------------------------------------- | --------------- |
| 2025-12-18 | Initial publication of contributor conduct standards and enforcement process. | Moko Consulting |

139
CONTRIBUTING.md
View File

@@ -3,27 +3,138 @@
This file is part of a Moko Consulting project. This file is part of a Moko Consulting project.
SPDX-LICENSE-IDENTIFIER: GPL-3.0-or-later SPDX-License-Identifier: GPL-3.0-or-later
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the IMPLIED WARRANTY of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License (./LICENSE). You should have received a copy of the GNU General Public License (./LICENSE.md).
# FILE INFORMATION # FILE INFORMATION
DEFGROUP: Joomla.Template.Site DEFGROUP: Joomla.Template
INGROUP: Moko-Cassiopeia.Documentation INGROUP: Moko-Cassiopeia.Governance
REPO: https://github.com/mokoconsulting-tech/moko-cassiopeia REPO: https://github.com/mokoconsulting-tech/moko-cassiopeia
FILE: CONTRIBUTING.md
VERSION: 03.05.00 VERSION: 03.05.00
PATH: ./CONTRIBUTING.md BRIEF: Contribution guidelines for the Moko-Cassiopeia project.
BRIEF: How to contribute; commit, PR, testing and security policies PATH: /CONTRIBUTING.md
--> NOTE: This document defines contribution workflow, standards, and governance alignment.
-->
# Contributing ## Contributing
1. Fork and branch: feat/ or fix/* This document defines how to contribute to the Moko-Cassiopeia project. The goal is to ensure changes are reviewable, auditable, and aligned with project governance and release processes.
2. Conventional Commits; sign off using DCO line
3. Open a PR with tests/docs and linked issues
**Types**: build|chore|ci|docs|feat|fix|perf|refactor|revert|style|test ## Scope
These guidelines apply to all contributions, including:
* Source code changes
* Documentation updates
* Workflow and automation changes
* Bug reports and enhancement proposals
## Prerequisites
Contributors are expected to:
* Have a working understanding of Joomla template structure.
* Be familiar with Git and GitHub pull request workflows.
* Review repository governance documents prior to submitting changes.
## Contribution Workflow
1. Fork the repository.
2. Create a branch from the active development branch.
3. Make focused, minimal changes that address a single concern.
4. Ensure changes pass existing CI checks.
5. Submit a pull request with a clear description of intent and impact.
Direct commits to protected branches are not permitted.
## Branching and Versioning
* Development work occurs on designated development branches.
* Releases are produced from versioned branches following repository standards.
* Contributors should not bump version numbers unless explicitly requested.
## Coding and Formatting Standards
All contributions must:
* Follow Joomla coding standards where applicable.
* Conform to Moko Consulting repository standards for headers, metadata, and file structure.
* Avoid introducing tabs, inconsistent path separators, or non portable assumptions.
Automated checks may reject changes that do not meet these requirements.
## Documentation Standards
Documentation changes must:
* Include required metadata and revision history sections.
* Avoid embedding version numbers in revision history tables.
* Preserve existing structure unless a structural change is explicitly proposed.
## Commit Messages
Commit messages should:
* Be concise and descriptive.
* Focus on what changed and why.
* Avoid referencing internal issue trackers unless required.
## Reporting Issues
Bug reports and enhancement requests should be filed as GitHub issues and include:
* Clear reproduction steps or use cases.
* Expected versus actual behavior.
* Relevant environment details.
Security related issues must follow the process defined in SECURITY.md and must not be reported publicly.
## Review Process
All pull requests are subject to review. Review criteria include:
* Technical correctness
* Alignment with project goals
* Maintainability and clarity
* Risk introduced to release and update processes
Maintainers may request changes prior to approval.
## License
By contributing, you agree that your contributions will be licensed under GPL-3.0-or-later, consistent with the rest of the project.
## Code of Conduct
Participation in this project is governed by the Code of Conduct. Unacceptable behavior may result in contribution restrictions.
---
## Metadata
* **Document:** CONTRIBUTING.md
* **Repository:** [https://github.com/mokoconsulting-tech/moko-cassiopeia](https://github.com/mokoconsulting-tech/moko-cassiopeia)
* **Path:** /CONTRIBUTING.md
* **Owner:** Moko Consulting
* **Version:** 03.05.00
* **Status:** Active
* **Effective Date:** 2025-12-18
* **Last Reviewed:** 2025-12-18
## Revision History
| Date | Change Summary | Author |
| ---------- | ------------------------------------------------------------------------- | --------------- |
| 2025-12-18 | Initial publication of contribution guidelines and workflow expectations. | Moko Consulting |

251
GOVERNANCE.md
View File

@@ -15,236 +15,113 @@
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License (./LICENSE.md).
along with this program. If not, see <https://www.gnu.org/licenses/>.
# FILE INFORMATION # FILE INFORMATION
DEFGROUP: Joomla.Template.Site DEFGROUP: Joomla.Template
INGROUP: Moko-Cassiopeia.Documentation INGROUP: Moko-Cassiopeia.Governance
REPO: https://github.com/mokoconsulting-tech/moko-cassiopeia REPO: https://github.com/mokoconsulting-tech/moko-cassiopeia
FILE: ./GOVERNANCE.md FILE: GOVERNANCE.md
VERSION: 03.05.00 VERSION: 03.05.00
BRIEF: Governance for Moko-Cassiopeia template BRIEF: Project governance model, roles, and decision processes for Moko-Cassiopeia.
PATH: /GOVERNANCE.md
NOTE: This document defines authority, decision making, and escalation paths.
--> -->
## Governance Overview
# Governance Document Set This document defines the governance framework for the Moko-Cassiopeia project. The objective is to ensure clear ownership, predictable decision making, and accountable stewardship across development, releases, and community interaction.
This document contains the canonical governance markdown files required for enterprise-grade open source project management within the Moko ecosystem. Each section represents an individual file. ## Project Ownership
--- Moko-Cassiopeia is owned and maintained by **Moko Consulting**. Final authority for project direction, releases, and policy enforcement resides with the project owner.
## FILE: GOVERNANCE.md ## Roles and Responsibilities
# Governance ### Maintainers
This document defines the governance framework for this repository. It establishes authority, decision-making processes, escalation paths, and accountability mechanisms. Maintainers are responsible for:
### Governance Model * Setting technical direction and release priorities.
* Reviewing and approving pull requests.
* Managing releases and distribution artifacts.
* Enforcing repository policies, including security and conduct requirements.
This repository operates under a maintainer-led governance model. ### Contributors
Final authority resides with the designated Maintainers, who are responsible for technical direction, compliance, and release approval. Contributors may:
### Roles and Responsibilities * Submit pull requests and issues.
* Propose enhancements and report defects.
* Participate in technical discussions.
**Maintainers** Contributors do not have merge authority unless explicitly granted.
- Approve releases and version tags
- Enforce coding, documentation, and licensing standards
- Resolve disputes and merge conflicts
- Ensure audit and compliance readiness
**Contributors** ## Decision Making
- Submit changes via pull requests
- Adhere to all defined standards and workflows
- Respond to review feedback in a timely manner
### Decision Making Decisions are made using a maintainers led model:
Decisions are made through documented pull requests and issues. * Routine changes are approved through pull request review.
All material decisions must be traceable via Git history. * Material changes affecting architecture, branding, licensing, or release processes require maintainer consensus.
* The project owner retains final decision authority if consensus cannot be reached.
### Amendments ## Change Management
Changes to governance require Maintainer approval and must be recorded in the CHANGELOG. Significant changes should:
--- * Be documented through issues or pull requests with clear rationale.
* Consider backward compatibility and upgrade impact.
* Include documentation updates when behavior or usage changes.
## FILE: CODE_OF_CONDUCT.md ## Release Authority
# Code of Conduct Only maintainers may:
This project adheres to a professional, inclusive, and respectful code of conduct. * Cut releases and publish artifacts.
* Update version numbers and manifests.
* Publish update metadata or advisories.
### Expected Behavior Release processes follow documented workflows and automation standards.
- Professional and respectful communication ## Security Governance
- Constructive feedback
- Focus on technical merit and documented standards
### Unacceptable Behavior Security issues are governed by the SECURITY.md policy. Maintainers are responsible for confidential handling, coordinated disclosure, and publication of advisories when appropriate.
- Harassment or discrimination ## Conduct Enforcement
- Hostile or abusive language
- Disruptive behavior in issues or pull requests
### Enforcement Behavior within the project is governed by CODE_OF_CONDUCT.md. Maintainers are responsible for enforcement actions and escalation handling.
Maintainers are responsible for enforcement. ## Conflict Resolution
Violations may result in warnings, suspension, or removal.
--- Conflicts are handled through:
## FILE: CONTRIBUTING.md * Direct discussion between involved parties when appropriate.
* Maintainer mediation when necessary.
* Final determination by the project owner if required.
# Contributing ## External Dependencies
This document defines the contribution workflow and compliance requirements. The project depends on Joomla core and other third party components. Governance of upstream projects remains outside the scope of this repository, but upstream changes may influence project decisions.
### Contribution Requirements ## Jurisdiction
- All changes must be submitted via pull request This project is managed from Tennessee, USA. This statement is informational and does not constitute legal advice.
- All CI checks must pass
- SPDX headers and FILE INFORMATION blocks are mandatory where applicable
- Documentation changes must include Metadata and Revision History sections
### Commit Standards
Commits must be atomic, descriptive, and traceable to an issue or change request.
### Review Process
- Maintainer review is required
- CI validation is mandatory
- Approval is required before merge
---
## FILE: SECURITY.md
# Security Policy
This document defines the security posture and reporting process.
### Supported Versions
Only the latest released version and active development branches are supported.
### Reporting Vulnerabilities
Security issues must be reported privately to the Maintainers.
Public disclosure prior to resolution is prohibited.
### Response Process
- Acknowledge receipt within a reasonable timeframe
- Assess severity and impact
- Issue patches or mitigations as required
---
## FILE: COMPLIANCE.md
# Compliance
This repository is designed to support audit and compliance requirements.
### Licensing
All code must comply with GPL-3.0-or-later licensing requirements.
SPDX identifiers are mandatory.
### Documentation Compliance
- Mandatory Metadata sections
- Mandatory Revision History sections
- Version traceability across manifests, changelogs, and releases
### CI Enforcement
Automated workflows enforce:
- Path consistency
- Formatting rules
- Manifest validation
- Changelog governance
---
## FILE: RISK_REGISTER.md
# Risk Register
This document tracks identified risks and mitigation strategies.
### Risk Categories
- Technical debt
- Security vulnerabilities
- Compliance drift
- Dependency instability
### Management
Risks are reviewed during release cycles.
Mitigations must be documented and traceable.
---
## FILE: CHANGE_MANAGEMENT.md
# Change Management
This document defines how changes are introduced, reviewed, and released.
### Change Types
- Patch
- Minor
- Major
### Process
- Documented pull request
- CI validation
- Version bump and changelog update
- Maintainer approval
### Traceability
All changes must be traceable through Git history and release artifacts.
---
## FILE: GOVERNANCE_INDEX.md
# Governance Index
This file serves as the authoritative index of governance artifacts.
### Governance Documents
- GOVERNANCE.md
- CODE_OF_CONDUCT.md
- CONTRIBUTING.md
- SECURITY.md
- COMPLIANCE.md
- RISK_REGISTER.md
- CHANGE_MANAGEMENT.md
--- ---
## Metadata ## Metadata
- DEFGROUP: MokoStandards * **Document:** GOVERNANCE.md
- INGROUP: Governance * **Repository:** [https://github.com/mokoconsulting-tech/moko-cassiopeia](https://github.com/mokoconsulting-tech/moko-cassiopeia)
- REPO: https://github.com/mokoconsulting-tech * **Path:** /GOVERNANCE.md
- JURISDICTION: Tennessee, United States * **Owner:** Moko Consulting
- LICENSE: GPL-3.0-or-later * **Version:** 03.05.00
* **Status:** Active
--- * **Effective Date:** 2025-12-18
* **Last Reviewed:** 2025-12-18
## Revision History ## Revision History
| Version | Date | Description | | Date | Change Summary | Author |
|--------:|------------|---------------------------------| | ---------- | ----------------------------------------------------------------------- | --------------- |
| 01.00.00 | 2025-12-18 | Initial governance document set | | 2025-12-18 | Initial publication of governance model, roles, and decision processes. | Moko Consulting |

177
SECURITY.md Normal file
View File

@@ -0,0 +1,177 @@
<!--
Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
This file is part of a Moko Consulting project.
SPDX-License-Identifier: GPL-3.0-or-later
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License (./LICENSE.md).
# FILE INFORMATION
DEFGROUP: Joomla.Template
INGROUP: Moko-Cassiopeia.Governance
REPO: https://github.com/mokoconsulting-tech/moko-cassiopeia
FILE: SECURITY.md
VERSION: 03.05.00
BRIEF: Security policy and vulnerability reporting process for Moko-Cassiopeia.
PATH: /SECURITY.md
NOTE: This policy is process oriented and does not replace secure engineering practices.
-->
## Security Policy
This document defines how Moko-Cassiopeia handles vulnerability intake, triage, remediation, and disclosure. The objective is to reduce risk, protect downstream users, and preserve operational continuity with a verifiable audit trail.
## Scope
This policy applies to:
* Repository source code, workflows, scripts, and build artifacts.
* Release packaging (ZIP outputs) generated from the repository.
* Configuration and metadata used for distribution (for example manifests and update metadata).
Out of scope:
* Vulnerabilities in upstream Joomla core, third party extensions, or external infrastructure not controlled by this repository.
* Issues that require physical access to a host, compromised administrator credentials, or a compromised hosting provider, unless the repository materially increases impact.
## Supported Versions
Security fixes are prioritized for:
* The latest released version.
* The current development line when it is actively used for release engineering.
Backports may be provided based on impact, deployment footprint, and engineering capacity.
## Reporting a Vulnerability
Use one of the following channels:
* GitHub Security Advisories (preferred): use the repository security tab to submit a private report.
* Email: send details to `hello@mokoconsulting.tech` with subject `SECURITY: Moko-Cassiopeia vulnerability report`.
Do not file a public GitHub issue for suspected security vulnerabilities.
### What to include
Provide enough detail to reproduce and triage:
* A clear description of the vulnerability and expected impact.
* A minimal proof of concept or reproduction steps.
* Affected versions, configuration assumptions, and environment details.
* Any proposed mitigation or patch.
* Your preferred contact details for follow up.
## Triage and Response Targets
The project operates with response targets aligned to practical delivery realities:
* **Acknowledgement:** within 3 business days.
* **Initial triage:** within 10 business days.
* **Fix plan:** communicated once severity is confirmed.
These targets are not guarantees. Complex issues, supply chain considerations, and coordination with upstream vendors may extend timelines.
## Severity Assessment
Issues are triaged based on business impact and technical exploitability, including:
* Remote exploitability and required privileges.
* Data confidentiality, integrity, and availability impact.
* Likelihood of exploitation in typical Joomla deployments.
* Exposure surface (public endpoints, administrator area, installation flows, and update mechanisms).
When appropriate, industry standard scoring such as CVSS may be used for internal prioritization.
## Coordinated Disclosure
The project follows coordinated vulnerability disclosure:
* Reports are treated as confidential until remediation is available.
* A public advisory may be published once a fix is released.
* A reasonable embargo period is expected to enable patch distribution.
If you believe disclosure is time sensitive due to active exploitation, include that assessment and any supporting indicators.
## Security Updates and Advisories
Security updates are distributed through:
* GitHub releases for the repository.
* GitHub Security Advisories when applicable.
Advisories may include:
* Affected versions and fixed versions.
* Mitigations and workarounds when a fix is not immediately available.
* Upgrade guidance.
## Dependencies and Supply Chain Controls
The project aims to manage supply chain risk through:
* Pinning and review of workflow dependencies where feasible.
* Minimizing privileged GitHub token permissions.
* Validating build inputs prior to packaging releases.
If you identify a supply chain issue (for example compromised action, dependency confusion, or malicious upstream artifact), report it as a vulnerability.
## Secure Development and CI Expectations
Security posture is reinforced through operational controls:
* CI validation for packaging inputs and manifest integrity.
* Consistent path normalization and whitespace hygiene checks where required for release correctness.
* Least privilege for GitHub Actions permissions.
This policy does not guarantee that all vulnerabilities will be prevented. It defines how risk is managed when issues are discovered.
## Safe Harbor
The project supports good faith security research. When you:
* Avoid privacy violations, data destruction, and service disruption.
* Limit testing to systems you own or have explicit permission to test.
* Provide a reasonable window for coordinated disclosure.
Then the project will treat your report as a constructive security contribution.
Jurisdiction note: this repository is managed from Tennessee, USA. This note is informational only and does not constitute legal advice.
## Public Communications
Only maintainers will publish security advisories or public statements for confirmed vulnerabilities. Public communication will focus on actionable remediation and operational risk reduction.
## Acknowledgements
If you want credit, include the name or handle to list in an advisory. If you prefer anonymity, state that explicitly.
---
## Metadata
* **Document:** SECURITY.md
* **Repository:** [https://github.com/mokoconsulting-tech/moko-cassiopeia](https://github.com/mokoconsulting-tech/moko-cassiopeia)
* **Path:** /SECURITY.md
* **Owner:** Moko Consulting
* **Version:** 03.05.00
* **Status:** Active
* **Effective Date:** 2025-12-18
* **Last Reviewed:** 2025-12-18
## Revision History
| Date | Change Summary | Author |
| ---------- | ------------------------------------------------------------------------------------------------ | --------------- |
| 2025-12-18 | Initial publication of security policy, intake channels, triage targets, and disclosure process. | Moko Consulting |