This document outlines the global security policy for all repositories, projects, and members participating in the TeGriAi Labs GitHub organization. This policy aims to define the security measures and protocols designed to protect our intellectual property and sensitive information.

This policy applies to all members, contributors, maintainers, and any third-party services integrated into the TeGriAi Labs GitHub organization.

• Organization Owners and Administrators: Responsible for managing access controls, reviewing security logs, and enforcing the security policy.
• Project Maintainers: Ensure that the project follows this Global Security Policy and any associated project-specific security guidelines.
• Contributors: Must adhere to this Global Security Policy and any security measures project maintainers implement.

1. Two-Factor Authentication (2FA): Enabling 2FA is mandatory for all members with push, pull, or administrative access to repositories.
2. Minimum Access Principle: Members should be given the least amount of access—read, write, or admin—needed to accomplish their tasks.

1. All pull requests must undergo a security review by a maintainer before merging.
2. At least two maintainers must review any changes to security configurations or sensitive areas of the codebase.

1. Sensitive information, including but not limited to API keys and credentials, should never be stored in a repository.
2. Use environment variables to handle sensitive information in code.

1. Any detected vulnerability or security incident must be reported immediately to the organization owners and administrators.
2. a hotfix should be implemented and deployed as soon as possible for critical vulnerabilities.

Before integrating any third-party services or libraries, the project maintainers must review and approve their security features and settings.

1. Periodic security audits will be conducted on random repositories.
2. Audit results will be shared with project maintainers, who are expected to address any identified issues promptly.

Failure to adhere to this Global Security Policy may result in removal from the TeGriAi Labs GitHub organization and further legal action if warranted.

This Global Security Policy will be reviewed and updated annually or as needed to reflect any changes in security practices or requirements.