Security

SECURITY.md

Security Policy

Supported Scope

This repository is under active development. Security fixes are addressed on main.

Reporting a Vulnerability

Please do not open public issues for vulnerabilities.

Send details privately to the repository owner with:

Affected component/file
Reproduction steps
Impact assessment
Suggested mitigation (if available)

Response Goals

Initial acknowledgement: within 72 hours
Triage and severity assessment: as soon as reproducible
Fix timeline: based on severity and exploitability

Safe Handling

Do not include secrets/tokens in reports
Use minimal proof-of-concept data
Prefer private disclosure until patch release

There aren’t any published security advisories