OSS launch polish: fix hook paths, add OSS files, update README

- Fix slashes in agent identity causing invalid hook file paths (gt-vqhc) - Add Prerequisites section to README (gt-vzic) - Create CONTRIBUTING.md, CODE_OF_CONDUCT.md, SECURITY.md (gt-xbfw) - Update Install section for future package managers (gt-7wcf) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-24 23:28:15 -08:00
parent 65d5f6823b
commit 066ef722ae
6 changed files with 176 additions and 6 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,38 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in Gas Town, please report it responsibly:
+
+1. **Do not** open a public issue for security vulnerabilities
+2. Email the maintainers directly with details
+3. Include steps to reproduce the vulnerability
+4. Allow reasonable time for a fix before public disclosure
+
+## Scope
+
+Gas Town is experimental software focused on multi-agent coordination. Security considerations include:
+
+- **Agent isolation**: Workers run in separate tmux sessions but share filesystem access
+- **Git operations**: Workers can push to configured remotes
+- **Shell execution**: Agents execute shell commands as the running user
+- **Beads data**: Work tracking data is stored in `.beads/` directories
+
+## Best Practices
+
+When using Gas Town:
+
+- Run in isolated environments for untrusted code
+- Review agent output before pushing to production branches
+- Use appropriate git remote permissions
+- Monitor agent activity via `gt peek` and logs
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.1.x   | :white_check_mark: |
+
+## Updates
+
+Security updates will be released as patch versions when applicable.