Security: magicmethods/pulllog-docs

Security Policy

Scope

This repository hosts public technical documentation for PullLog.
The production service (https://pulllog.net) operates separately.

In Scope

  • Documentation in this repo (incorrect descriptions, misleading diagrams)
  • Public API specs under docs/api/
  • Security concerns in the documentation site or repo configuration

Out of Scope

  • Active scanning or penetration testing against https://pulllog.net
  • Attempts to bypass auth/rate limits on the live service
  • Attacks requiring physical access or compromised devices

How to Report

Please do not file a public issue with exploit details.
Report privately via one of the following:

  • 📧 Email (preferred): support@pulllog.net
    • Please prefix the subject with [SECURITY]
    • You may also send to security@pulllog.net (aliased to the same inbox)
  • 🔒 GitHub Security Advisories:
    Create a private report via repository security advisories.

Include where possible:

  • Summary and potential impact
  • Steps to reproduce / PoC (redact secrets)
  • Affected endpoint(s) / page(s), timestamps, and environment
  • Suggested mitigation or references (if any)

Response Targets (Best Effort)

  • Acknowledgement within 3–5 business days (aim for 48h)
  • Initial assessment/tracking ID upon triage
  • Coordinated disclosure timeline agreed with reporter

Responsible Disclosure

  • Please allow reasonable time for investigation and remediation
  • Avoid actions that may harm data, availability, or privacy
  • We appreciate anonymized or limited PoC data where feasible

Thank you for helping keep PullLog safe.
