Please report suspected vulnerabilities by opening a private security advisory on this repository or by contacting @alawein directly.

Do not open public issues for security vulnerabilities.

• Affected component or file path
• Reproduction steps or proof of concept
• Impact and severity estimate
• Suggested remediation, if known

• Initial triage response: 2 business days
• Severity assessment: 5 business days
• Mitigation plan: 10 business days

This policy applies to all code and configuration in this repository.

• We acknowledge reports after triage.
• We coordinate remediation and release timeline.
• We publish advisory notes when appropriate.