Security fixes target the latest published version of metatron-cli.
Do not open a public issue for a credential leak or exploitable vulnerability. Use GitHub's private vulnerability reporting for this repository when available, or contact the maintainer through the GitHub profile linked from the repository.
Metatron configuration can contain API bearer tokens and local LLM integration
settings. Keep real values in ~/.config/metatron/config.toml or another
private path. Never commit .env, .pypirc, API keys, Slack tokens, npm
tokens, or PyPI tokens.
If a secret is committed, revoke it before rewriting history or cutting a new release.