Security fixes are applied to the current default branch and the latest tagged release.
Please report a suspected vulnerability privately through GitHub Security Advisories. Do not include real credentials, official competition data, private service endpoints, or proprietary artifacts in a public issue.
This repository must never contain:
- API keys, tokens, SSH keys, registry credentials, or private endpoints;
- internal server addresses, user-specific absolute paths, or image digests;
- official test inputs, predictions, model checkpoints, raw competition logs, or submission archives;
- third-party source, weights, or datasets without an explicit redistribution basis;
- reconstructed traces presented as original logs.
If any of these appear, treat the incident as a release-boundary failure: remove the material from the public branch, rotate affected credentials where applicable, and document the correction without republishing the sensitive value.
This policy covers only this clean-room public repository. It does not invite access to the private competition repository or infrastructure.