Security

SECURITY.md

Security Policy

Reporting Vulnerabilities

If you discover a security vulnerability in the AAAA Nexus API, please report it responsibly.

Email: atomadic@proton.me

Subject line: [SECURITY] Brief description

We will acknowledge receipt within 48 hours and provide an initial assessment within 5 business days.

Scope

The following are in scope for security reports:

AAAA Nexus API endpoints (atomadic.tech)
Authentication and authorization bypasses
x402 payment flow vulnerabilities
Session security (RatchetGate) issues
Data exposure or privacy violations

Out of Scope

This GitHub repository (contains no executable code)
Denial of service attacks
Social engineering
Third-party dependencies not under our control

Disclosure

We follow coordinated disclosure. Please allow 90 days before public disclosure.

There aren’t any published security advisories