docs: move incident response plan

.gitignore

@@ -94,6 +94,8 @@ tmp/
 IDENTITY.md
 USER.md
 *.tgz
+*.tar.gz
+*.zip
 .idea
 
 # local tooling
@@ -153,6 +155,9 @@ apps/ios/LocalSigning.xcconfig
 apps/ios/build/
 apps/shared/OpenClawKit/build/
 Swabble/build/
+*.xcresult
+*.trace
+*.profraw
 
 # Generated protocol schema (produced via pnpm protocol:gen)
 dist/protocol.schema.json

SECURITY.md

@@ -26,6 +26,7 @@ For OpenClaw core issues, submit through a private [GitHub Security Advisory](ht
 Maintainers may close, hide, delete, or otherwise take down public issues and PRs that disclose vulnerabilities or active security issues. We will redirect those reports through the private disclosure process so the issue can be triaged and fixed without giving attackers a public playbook.
 
 For full reporting instructions see our [Trust page](https://trust.openclaw.ai).
+For maintainer response workflow, see the [incident response plan](docs/security/incident-response.md).
 
 OpenClaw does not currently run a paid bug bounty program. Please still disclose responsibly so we can fix real issues quickly. The best way to help the project right now is to send high-signal reports and, when practical, focused PRs.
 

docs/security/incident-response.md

@@ -1,4 +1,13 @@
-# OpenClaw Incident Response Plan
+---
+summary: "How OpenClaw triages, responds to, and follows up on security incidents"
+title: "Incident response"
+read_when:
+  - Responding to a security report or suspected security incident
+  - Preparing a coordinated disclosure or patched security release
+  - Reviewing post-incident follow-up expectations
+---
+
+# Incident Response
 
 ## 1. Detection and triage