WinterSolve is intended to work with developer projects, which may include sensitive source code, secrets, logs, and configuration files.
- Avoid exposing private code unnecessarily.
- Make AI provider behavior explicit.
- Support safer local workflows over time.
- Encourage careful handling of logs, secrets, and credentials.
If you find a security issue, please report it privately to the maintainers instead of opening a public issue.
Include:
- A clear description of the issue
- Steps to reproduce
- Potential impact
- Suggested fix, if known
WinterSolve contributors should avoid committing:
- API keys
- Access tokens
- Passwords
- Private logs
- Customer data
- Proprietary code samples without permission