Reporting a Vulnerability

We take the security of our orchestrator seriously. If you discover a vulnerability affecting the Rust-to-JS bridge, process isolation, or networking sidecars, please follow these steps:
Do Not Open a Public Issue: To prevent exploitation, please do not report security bugs through the public GitHub Issue tracker.
Contact the Maintainer: Please send a detailed report to [adafax4@gmail.com] or reach out directly via LinkedIn.
What to Include:
* A description of the vulnerability.
* Steps to reproduce the issue.
* Potential impact (e.g., unauthorized process spawning, data leakage).
Response Timeline
Initial Response: Within 48 hours to acknowledge receipt of the report.
Status Updates: Every 7 days until the vulnerability is patched or a mitigation is released.
Public Disclosure: Once a fix is pushed, we will provide a security advisory in the release notes, crediting the researcher if they wish to be named.
Non-Security Issues

For general bugs or feature requests, please use the standard GitHub Issues page.