If you discover a security vulnerability in TeamGraph AI, do not open a public issue.
Please report it privately using one of the following methods:
- GitHub Security Advisories: Use the "Report a vulnerability" button on the Security tab of this repository.
- Email: Contact the maintainers directly at the email listed in the repository profile.
| Version | Supported |
|---|---|
| master | ✅ |
- Authentication: Session tokens are hashed before storage. API keys are stored as bcrypt hashes.
- Authorization: Role-based access control with admin/member separation. Members cannot approve context or manage teams.
- Data Isolation: Organizations and projects are isolated via foreign key constraints and query-level filtering.
- Secrets: All credentials are loaded from environment variables. No secrets should be committed to the repository.
- Graphiti Integration: LLM calls are isolated behind a service wrapper with graceful degradation to approved-context-only search.
- Connector integrations (Slack, GitHub, Drive, Notion) are placeholder-only and do not store real OAuth tokens in production.
- The MCP CLI stores API keys locally in a config file; users should protect this file with appropriate filesystem permissions.