Do not open public issues for security vulnerabilities.
Email security reports to: security@dedaluslabs.ai
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

We will acknowledge your report within 48 hours and provide a detailed response within 7 days.

| Version | Supported |
|---|---|
| main | Active development |
| < 1.0 | Pre-release, best-effort |

inline-tests is a pytest plugin for colocating tests with implementation code. Security considerations:
- No code execution at import: AST scanning checks for @test decorators without importing modules
- Type safety: Full type hints enforced via ty
- Minimal surface area: Small codebase with few dependencies (just pytest)

This is pre-1.0 software. The plugin imports modules containing @test decorators during test collection, so any import-time side effects will execute.
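
The split described above between scanning and importing, as an added example (not the plugin's own code): it parses each file with `ast` to list the modules that carry a @test decorator, and so would be imported during collection, without running any of their import-time code. The matching rule (a decorator named `test`, bare, called, or as an attribute), the function names and the sample files are assumptions constructed for illustration.

```python
import ast
import os
import tempfile


def has_test_decorator(source: str) -> bool:
    """True if a function or class is decorated with @test, @test(...) or @x.test."""
    try:
        tree = ast.parse(source)  # parse only; nothing in `source` is executed
    except SyntaxError:
        return False  # unparseable file: not a candidate for import
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            for dec in node.decorator_list:
                target = dec.func if isinstance(dec, ast.Call) else dec
                name = target.id if isinstance(target, ast.Name) else getattr(target, "attr", None)
                if name == "test":
                    return True
    return False


def files_collection_would_import(root: str) -> list[str]:
    """Relative paths of .py files under root that contain a @test decorator."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.endswith(".py"):
                path = os.path.join(dirpath, fn)
                with open(path, encoding="utf-8") as fh:
                    if has_test_decorator(fh.read()):
                        hits.append(os.path.relpath(path, root))
    return sorted(hits)


def demo() -> tuple[list[str], bool]:
    """Constructed sample tree; returns (flagged files, whether a side effect ran)."""
    with tempfile.TemporaryDirectory() as root:
        marker = os.path.join(root, "side_effect_ran")
        side_effect = f"open({marker!r}, 'w').close()  # import-time side effect\n"
        samples = {
            "plain.py": side_effect,
            "with_tests.py": side_effect + "@test\ndef check_add():\n    assert 1 + 1 == 2\n",
        }
        for name, src in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(src)
        return files_collection_would_import(root), os.path.exists(marker)
```

Only `with_tests.py` is flagged, and the marker file is never created because the scan does not import anything; the flagged files are the ones whose top-level code to review before running collection on an untrusted checkout.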

We follow coordinated disclosure:
- Reporter submits vulnerability privately
- We acknowledge within 48 hours
- We investigate and develop fix
- We release fix and credit reporter (unless anonymity requested)
- Public disclosure after 90 days or when fix is deployed
- Security issues: security@dedaluslabs.ai
- General questions: oss@dedaluslabs.ai