Audit Trail

Release confidence in CryptoDesk AI is supported by visible engineering gates, not by vague claims.

CI Gates

For the published alpha line, the main CI checks cover:

  • build verification
  • test verification
  • security audit scanning

The project reached a green state on all three checks before the release package was finalized.

Dependency Audits

Dependency posture matters because desktop applications inherit both runtime and packaging risk. The release work included audit-focused cleanup and dependency updates, including updater-related security hardening before the public alpha package was left in place on GitHub.

Observed Posture

The project documentation and release flow explicitly call out limitations, known warnings, and unsigned-alpha behavior instead of pretending those risks do not exist.

Reporting

Vulnerabilities should be reported privately according to the project security policy. Public issue trackers are appropriate for normal bugs, but secret-related or exploit-focused reports should be handled more carefully.
