Cairn is in alpha. The on-disk index format, the MCP tool schema, and the Python public APIs are stable within a minor release but may change between minor releases. We will note breaking changes in CHANGELOG.md.

If you believe you've found a security issue:

1. Do not open a public GitHub issue or PR.
2. Use GitHub's private vulnerability reporting for this repository. If that is not enabled yet, open a minimal public issue asking for a private contact path, without including exploit details.
3. Include:
   • A description of the issue and its impact.
   • Steps to reproduce, ideally a minimal repro.
   • Your suggested severity (optional but appreciated).
4. We will acknowledge receipt within 3 working days and aim to confirm or refute the report within 14 working days.

We consider the following in scope:

• Cairn's CLI, MCP server, and Python public API in cairn.*.
• The cairn-bench framework.
• Index file formats and how Cairn handles untrusted input documents during ingestion / indexing.

We consider the following out of scope:

• Bugs in upstream dependencies (pymupdf, lancedb, mcp, pydantic, …) — please report those to their respective projects. We will track and upgrade once a fix is available.
• Issues that require write access to the user's .cairn/ directory or that depend on a malicious LLM endpoint configured by the user.

Cairn defaults to local-only operation: a local Ollama instance for summaries and embeddings, a local LanceDB store on disk. No network call is made under default configuration. Any endpoint override is the user's explicit opt-in.

Once a fix is available, we will publish a security advisory referencing the affected versions and the patched release. Reporters are credited by name (or by handle, on request) unless they prefer to remain anonymous.