Context AI is currently in active development. Security fixes are applied to the main branch only.
| Version | Supported |
|---|---|
| main (latest) | ✅ |
| Older commits | ❌ |
Do not open a public GitHub issue for security vulnerabilities.
Report security issues privately by emailing the maintainer directly. Include:
- A description of the vulnerability
- Steps to reproduce
- The potential impact
- Any suggested remediation
You will receive an acknowledgement within 48 hours. If the vulnerability is confirmed, a fix will be prioritized and credited to you in the changelog (unless you prefer anonymity).
Context AI is designed for self-hosted, personal, or small-team use. The following controls are implemented:
| Layer | Implementation |
|---|---|
| Password hashing | PBKDF2-SHA256 · 120,000 iterations · 16-byte random salt per user |
| Token comparison | hmac.compare_digest — constant-time, immune to timing attacks |
| Token generation | secrets.token_urlsafe(48) — 384-bit CSPRNG |
| Session expiry | Bearer tokens expire after 30 days |
| Session revocation | Tokens invalidated on logout, password change, and account deletion |
| Password policy | 8–128 characters · uppercase + lowercase + digit + special character |
| Data isolation | Per-user ChromaDB collections — no cross-user vector access |
| File validation | Only .pdf and .docx are accepted at the API layer |
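The following is an added example, not Context AI's own code, showing how the application-layer controls in the table fit together using only the Python standard library: PBKDF2-SHA256 at 120,000 iterations with a 16-byte per-user salt, `secrets.token_urlsafe(48)` for bearer tokens, `hmac.compare_digest` for every secret comparison, a 30-day expiry, and revocation on logout, password change, and account deletion. The in-memory `SessionStore`, the helper names, and the `TOKEN_TTL_SECONDS` constant are assumptions made for the illustration; the parameters themselves come from the table.

```python
# Added example (not Context AI's own code). Parameters follow the controls table;
# the in-memory session store and helper names are assumptions for illustration.
import hashlib
import hmac
import re
import secrets
import time
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 120_000          # from the controls table
SALT_BYTES = 16                      # 16-byte random salt per user
TOKEN_TTL_SECONDS = 30 * 24 * 3600   # bearer tokens expire after 30 days


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """PBKDF2-SHA256 with a fresh CSPRNG salt unless one is supplied for verification."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def check_password_policy(password: str) -> bool:
    """8-128 characters with uppercase, lowercase, a digit and a special character."""
    if not 8 <= len(password) <= 128:
        return False
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return all(re.search(pattern, password) for pattern in classes)


class SessionStore:
    """Assumed in-memory store: one record per live bearer token."""

    def __init__(self) -> None:
        self._sessions = []  # list of {"token": str, "user": str, "issued": float}

    def issue(self, user: str, now: Optional[float] = None) -> str:
        token = secrets.token_urlsafe(48)  # 48 CSPRNG bytes = 384 bits, 64 URL-safe chars
        self._sessions.append({"token": token, "user": user,
                               "issued": time.time() if now is None else now})
        return token

    def resolve(self, presented: str, now: Optional[float] = None) -> Optional[str]:
        """Return the owning user for a valid, unexpired token, else None.
        Every stored token is compared with compare_digest and the loop never
        breaks early, so a near-match takes the same time as a miss."""
        now = time.time() if now is None else now
        found = None
        for record in self._sessions:
            if hmac.compare_digest(record["token"].encode(), presented.encode()):
                found = record
        if found is None:
            return None
        if now - found["issued"] > TOKEN_TTL_SECONDS:
            self._sessions.remove(found)  # expired: drop it and treat as unauthenticated
            return None
        return found["user"]

    def revoke_token(self, presented: str) -> None:
        """Logout: invalidate one token."""
        self._sessions = [r for r in self._sessions
                          if not hmac.compare_digest(r["token"].encode(), presented.encode())]

    def revoke_user(self, user: str) -> None:
        """Password change or account deletion: invalidate every token for the user."""
        self._sessions = [r for r in self._sessions if r["user"] != user]


if __name__ == "__main__":
    store = SessionStore()
    assert check_password_policy("Correct-Horse9")
    salt, digest = hash_password("Correct-Horse9")
    assert verify_password("Correct-Horse9", salt, digest)
    token = store.issue("alice")
    print("resolved:", store.resolve(token))
    store.revoke_user("alice")
    print("after revocation:", store.resolve(token))
```

The linear scan in `resolve` is deliberate for a personal or small-team deployment: a dictionary lookup keyed on the raw token would short-circuit on the first differing character, which is exactly what `hmac.compare_digest` is there to avoid. At larger scale the usual move is to store a SHA-256 of each token, look the hash up, and still finish with `compare_digest`.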
The application does not include the following controls by default. These belong at the deployment/infrastructure layer, not the application layer:
- Rate limiting on `/auth/login` and `/auth/register` — implement via Nginx, Caddy, or a similar reverse proxy.
- HTTPS/TLS termination — required for any deployment beyond localhost.
- Input size limits — limit upload size at the reverse proxy.
- CORS configuration — not restricted; configure for your deployment environment.
Before exposing Context AI to untrusted users on a public network, address these at the infrastructure layer.
The following are not in scope for this security policy:
- Vulnerabilities in third-party dependencies (report upstream to the relevant package maintainers)
- Attacks that require physical access to the host machine
- Social engineering attacks