ChatStage stores local app data and model provider configuration on the user's machine. Security-sensitive reports are welcome, especially around API key handling, local data exposure, provider requests, MCP services, and packaged release artifacts.

Security fixes are currently focused on the latest public release.

Please avoid posting sensitive details in a public GitHub issue. If you find a vulnerability, contact the maintainer through the GitHub profile for Commit2Push with:

• A short summary of the issue.
• Steps to reproduce.
• The affected version or commit.
• Any local files, provider calls, or MCP services involved.

The project will acknowledge valid reports as quickly as possible and coordinate a fix before public disclosure when needed.