
# Responsible disclosure

If you find a security issue in Andromeda, the API, the on-chain programs, or anything in the public repository, please report it privately so it can be fixed before it is disclosed.

## How to report

* Email the Shinka Labs team via the contact on [shinkalabs.tech](https://www.shinkalabs.tech/).
* Include: what you found, how to reproduce it, the impact you believe it has, and any relevant request ids, transaction signatures, or program addresses.
* If you have a proof of concept, include it. Please do not run it against other users' data or wallets.

## What to expect

* An acknowledgement that the report was received.
* An assessment, and a fix or mitigation for confirmed issues, with critical issues prioritised.
* Coordination with you on timing before any public disclosure.

## Scope

In scope: the Andromeda API, the MCP server, the eight Quasar policy programs on devnet, the recovery and identity layers, and the code in the public repository.

Out of scope: the underlying Ika and Encrypt networks themselves (report those to their maintainers), denial-of-service findings against pre-alpha infrastructure, and issues that require a compromised user device or a compromised third-party dependency outside Andromeda's control.

## Please do not

* Access, modify, or delete data that is not yours.
* Run tests that degrade service for other users.
* Disclose the issue publicly before it is fixed and you have coordinated timing.

## A note on pre-alpha

Andromeda runs on devnet with a mock signer and pre-alpha networks, and there is no third-party audit yet. Many "issues" in that context are known limitations; see [Status & disclaimers](/hub/andromeda/status.md) and [Known limitations](/hub/andromeda/reference/limitations.md) first. Genuine new findings are still very welcome.


