Local Brain RAG is a portfolio project, but it is structured with production security habits.
Security fixes are accepted against main.
Please do not disclose sensitive findings publicly before a fix is available. Open a private GitHub security advisory when possible, or create a minimal issue that avoids exploit details.
- Never commit real API keys, tokens, private data, or local
.envfiles. - Keep generated artifacts and local caches out of Git.
- Validate environment configuration before enabling integrations.
- Treat AI output as untrusted until it passes guardrails and human review.