Security
Security Program
Version: 2026-02-28. Owner: Security Engineering.
BarrelHub enforces API scope-based authorization, audited mutation paths, and explicit approval controls for high-risk operations.
Control-plane safeguards include fail-safe rate-limit/quota behavior with degraded-state telemetry and alert checks for on-call response.
Webhook ingest endpoints enforce signed request validation and replay protection where configured.
For vulnerability disclosure, contact security@barrelhub.co and include reproduction steps.
Compliance mappings and retention controls are described on the Compliance page.