Security Policy
DreamCleanr is designed around conservative, preview-first cleanup. The current supported delivery surfaces are GitHub Releases, GitHub Pages, and the local runtime on your machine.
Supported security surfaces
- latest tagged release
- the current main branch when it is ahead of the latest release
How to report a vulnerability
Do not open a public issue for credential leaks, destructive cleanup bugs, or protected-state bypasses.
Use GitHub Security Advisories if available, or contact the maintainer privately through an appropriate sensitive-reporting path.
Safety principles
- preview-first behavior stays the default
- protected Claude, Codex, and Docker VM state stays outside default auto-delete
- new cleanup targets require regression coverage before release
- install and update paths should remain stable and inspectable