If you discover a security issue, please report it responsibly:

• Open a GitHub Security Advisory if you have access, or
• Email the maintainer via the contact on mehulg.com.

Please do not open public issues for undisclosed vulnerabilities.

• Never commit .env files, API keys, or GitHub personal access tokens.
• Copy from *.env.example files and keep secrets local only.
• If a token was ever committed or shared, revoke and rotate it immediately on the provider (GitHub, WandB, etc.).

git status
git diff --cached
git grep -E '(ghp_|github_pat_|api_key|API_KEY=)' || true

Ensure .env, *.db, and runs/ are not staged.