Security: Aimer-zero/redforge-ai

SECURITY.md

Security Policy

RedForge is a dual-use framework for authorized AI security evaluation. This public repository is intended for scoped, evidence-first testing of systems you own, operate, or have explicit permission to assess.

Supported scope

Security reports for the public repository may include:

  • vulnerabilities in RedForge's public CLI, API, plugin SDK, target adapters, reports, or local demo surfaces;
  • unsafe default behavior that could accidentally expand test scope;
  • leaks of generated artifacts, local paths, secrets, or private implementation references;
  • issues in public packaging, CI, or dependency configuration.

Do not submit private customer data, secrets, credentials, real target traces, or competition-private details in public issues.

Reporting a vulnerability

If the issue is safe to disclose publicly, open a GitHub issue with a minimal reproduction.

If the report contains sensitive details, please use GitHub private vulnerability reporting if enabled for the repository, or contact the maintainer out of band. Include:

  • affected commit or version;
  • minimal reproduction steps;
  • expected and actual behavior;
  • impact and suggested remediation;
  • confirmation that the report does not include third-party secrets or unauthorized target data.

Responsible use

RedForge does not grant authorization to test any system. Users are responsible for complying with laws, contracts, provider terms, and target-specific authorization boundaries.

The public repository will not include private attack packs, competition-specific implementations, customer deployment overlays, or destructive/unscoped automation.
