At Copilotkit, we are continuously working to improve not only the product but also the open-source repository. To achieve this, we encourage you to take some time to responsibly disclose any issues you may encounter.

We hope this product meets your expectations. However, if you notice anything that seems off, please feel free to report the issue by following the steps below:

1. Contact Information:

   • Email: [email protected]

2. Required Information:

   • A detailed description of the vulnerability
   • Steps to reproduce the issue
   • Potential impact or risk
   • Any possible mitigations or workarounds

3. Preferred Method of Disclosure:
   Since our community operates in a public domain, please do not discuss the details of the vulnerability publicly. When escalating the issue, simply mention that you are trying to reach someone from the security team.

• Acknowledgment: Within 48 hours of receiving your report, we will acknowledge your submission.
• Investigation: We will investigate the issue within 5 business days.
• Resolution: We aim to release a fix or mitigation within 30 days of confirming the vulnerability.

If you do not receive an acknowledgment of your email within 48 hours, and you haven’t heard from our security team after 5 days, please directly message someone from the Copilotkit team in our Discord community.

While we strive to keep our project secure, here are a few best practices for users of our software:

• Always keep your installation up to date with the latest security patches.
• Avoid using outdated or unsupported versions of the project.
• Regularly audit your dependencies and review their security advisories.

Thank you for helping us maintain the security and integrity of this project.