During the initial public release phase, security fixes are made on the latest code on main.

Do not open a public GitHub issue for suspected vulnerabilities.

Report security issues to ryan@0ryant.com with:

• a clear description of the issue
• affected files, commands, or workflows
• reproduction steps or a minimal proof of concept
• impact assessment if known

You should receive an acknowledgment within 5 business days.

• Please give the project reasonable time to investigate and prepare a fix before public disclosure.
• If the report is confirmed, the fix and any affected release notes will be published through the normal repository release process.