Security¶
Report vulnerabilities privately via GitHub's
private vulnerability reporting —
do not open a public issue. See the repository's
SECURITY.md for supported
versions and response expectations.
Separately, mokata ships a defensive feature: 4-layer secret protection and a sync
security hook (secret_guard.py, exit code 2) that blocks secrets before they are written,
committed, or sent. mokata is local-first and sends nothing off-machine by default.