If you discover a security vulnerability in QA Captain, please report it responsibly:
- Do not open a public issue
- Email the maintainer or open a private security advisory on GitHub
- Include steps to reproduce, impact assessment, and any suggested fixes
We will acknowledge receipt within 48 hours and provide a timeline for resolution.
QA Captain is a local-first CLI tool. It:
- Reads git repository data locally
- Writes files to the local
.qa-captain/directory - Does not transmit data to external services
- Does not execute arbitrary code from diffs
| Version | Supported |
|---|---|
| 0.1.x | Yes |