
Security: Catafal/bach


SECURITY.md

Security Policy

Supported Versions

Bach is pre-1.0. Only the latest state of main is supported; older commits and tags receive no fixes.

| Version | Supported |
| --- | --- |
| 0.x (latest main) | Yes |
| anything older | No |

Reporting a Vulnerability

Please do not open a public issue for security problems.

Report privately via GitHub Security Advisories: https://github.com/Catafal/bach/security/advisories/new

You can expect an acknowledgment within one week. Once triaged, we will coordinate a fix and disclosure timeline with you.

Scope

Bach is a local CLI, but it has a real attack surface worth reporting on:

  • Shell-out boundaries — Bach composes and executes shell commands for osascript (iTerm automation), claude, codex, and gh. Anything that lets task descriptions, file paths, or artifact content escape quoting and inject into those commands is in scope (see shell_quote and the AppleScript escaping in src/bach/runtimes/).
  • Filesystem writes — Bach writes under ~/.bach/ (config, counter, sidecars, daily index) and project-local .bach/ folders (task artifacts). Path-traversal or symlink tricks that make Bach write outside those locations are in scope.
  • Artifact-driven behavior — task artifacts are YAML + Markdown parsed with yaml.safe_load; bypasses of that safety or code execution via crafted artifacts are in scope.
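The three scope items above describe boundaries rather than code. As an added illustration (not Bach's own code; the function names, the hypothetical `--task` flag, and the sample inputs are assumptions made here), the following shows the defensive pattern each boundary calls for: passing untrusted text as a separate argv element instead of building a shell string, escaping only backslash and double quote inside an AppleScript string literal, refusing writes whose resolved path leaves the intended directory, and parsing artifact front matter with `yaml.safe_load` only.

```python
"""Defensive checks matching the Scope section. Added example; not code from Bach.

Assumptions (not taken from the page): function names, the "--task" flag,
and every sample value below are constructed for illustration.
"""
import shlex
from pathlib import Path

try:
    import yaml  # PyYAML; optional so the other checks run without it
except ImportError:  # pragma: no cover
    yaml = None


def build_argv(tool: str, task_description: str) -> list:
    """Hand untrusted text to subprocess as its own argv element.

    No shell parses the list, so quote characters, ';' or '$(...)' in the
    description are passed to the tool as literal text. The '--task' flag is
    hypothetical."""
    return [tool, "--task", task_description]


def shell_quote_for_log(argv: list) -> str:
    """Render argv for display or for a genuine shell string. shlex.quote wraps
    each element so POSIX sh reads it as a single literal word."""
    return " ".join(shlex.quote(a) for a in argv)


def applescript_string(s: str) -> str:
    """Quote a value for use inside an AppleScript double-quoted string literal.

    Backslash must be escaped first, then the double quote; those are the only
    two characters that can end or alter the literal."""
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'


def resolve_inside(base: str, user_path: str) -> Path:
    """Resolve user_path beneath base and refuse a result that escapes base.

    resolve() follows symlinks and collapses '..', so both traversal and a
    symlink pointing elsewhere are caught by the containment check."""
    base_real = Path(base).resolve()
    candidate = (base_real / user_path).resolve()
    try:
        candidate.relative_to(base_real)
    except ValueError:
        raise ValueError(f"refusing to write outside {base_real}: {candidate}")
    return candidate


def is_inside(base: str, user_path: str) -> bool:
    """Boolean form of resolve_inside for callers that only need a yes/no."""
    try:
        resolve_inside(base, user_path)
        return True
    except ValueError:
        return False


def load_artifact_front_matter(text: str) -> dict:
    """Parse artifact YAML with safe_load only.

    safe_load rejects python/object and similar tags, so a crafted artifact
    cannot instantiate arbitrary Python objects during parsing."""
    if yaml is None:
        raise RuntimeError("PyYAML is not installed")
    data = yaml.safe_load(text)
    if not isinstance(data, dict):
        raise ValueError("artifact front matter must be a mapping")
    return data


if __name__ == "__main__":
    # Constructed sample task text containing shell and AppleScript metacharacters
    sample = 'fix "quoted" title; check $HOME'
    print(build_argv("codex", sample))
    print(shell_quote_for_log(build_argv("codex", sample)))
    print(applescript_string(sample))
    print(is_inside("/tmp/bach-demo/.bach", "tasks/0001.md"))   # True
    print(is_inside("/tmp/bach-demo/.bach", "../../etc/hosts")) # False
```

The containment check deliberately resolves the base directory too, so it still works when the base itself sits behind a symlink (for example a home directory on a linked volume); comparing unresolved strings would reject valid paths or accept escaping ones.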
