Security: MarcelLeon/graph-rag-java

SECURITY.md

Security Policy

Supported versions

This project is currently in public preview. Security fixes are best-effort and will typically be applied on the latest active branch.

At the moment, treat the latest default branch state as the supported version.
Reporting a vulnerability

If you discover a security issue, please do not open a public issue with exploit details immediately.

Instead, report it privately to the maintainers through the repository’s preferred private contact channel.

When reporting, please include:

  • a clear description of the issue,
  • affected component(s),
  • reproduction steps,
  • impact assessment,
  • and any suggested mitigation if available.

We will aim to:

  • acknowledge the report,
  • reproduce and assess impact,
  • prepare a fix or mitigation,
  • and disclose responsibly once a fix is available.

Scope notes

This repository includes:

  • a core GraphRAG library,
  • a Spring Boot starter,
  • and a runnable example app.

Please note that the example app is intended for demo / dogfooding / integration exploration, not hardened production deployment.
What not to commit

Please do not commit:

  • API keys or secrets,
  • production credentials,
  • internal-only package references,
  • local AI/IDE state directories,
  • or sensitive customer / company data.

The repository is intended to remain open-source-safe by default.
Dependency posture

The project currently depends on mainstream JVM / Spring / Spring AI / Neo4j ecosystem libraries. If you notice a vulnerable dependency version, please report it with as much detail as possible, including:

  • package name,
  • affected version,
  • vulnerability identifier if known,
  • and a recommended upgrade path.

There aren't any published security advisories