Do not open a public issue. Email security disclosures to:

perseus@perseus.observer

You will receive a response within 48 hours. Perseus Computing LLC is a US-owned small business and treats security reports as confidential until a fix is published.

• Affected version(s)
• Steps to reproduce
• Impact assessment (what an attacker could do)
• Any suggested mitigations

1. Acknowledgment — within 48 hours
2. Triage — severity assessment within 5 business days
3. Fix development — timeline depends on severity
4. Coordinated disclosure — CVE assigned, fix released, advisory published

We support responsible disclosure and will credit reporters who follow this policy.

Perseus is a read-only context rendering engine. It does not:

• Write to your filesystem (except the output file you explicitly specify)
• Make network calls (except @http directives you explicitly author)
• Execute arbitrary code (directives are resolved in a sandboxed interpreter)
• Store credentials or secrets
• Run as a daemon or persistent process

Note: Perseus can optionally expose network services via perseus serve (HTTP API) and perseus mcp serve (MCP stdio/SSE transport). These are disabled by default and require explicit opt-in. See the serve documentation for security considerations when enabling network access.

• You author the directives. Perseus resolves them. The assistant reads resolved output.
• Perseus never sees your assistant's conversation. It renders before the session starts.
• Perseus never sees your API keys. It runs locally, reads local files, writes local files.

• Single runtime dependency: PyYAML (MIT license, widely audited)
• No native extensions — pure Python
• SBOM published at docs/SBOM.md
• We monitor GitHub Advisory Database for PyYAML CVEs
• Dependency pinned with hash checking in progress

Security: perseus@perseus.observer PGP key: Available on request