This project is currently in early public beta. Security fixes are applied to the latest main branch first.

Please do not open public issues for vulnerabilities.

Report privately with:

• A clear description of the issue
• Reproduction steps or proof of concept
• Potential impact
• Suggested mitigation (if available)

Use GitHub private vulnerability reporting for this repository.

• Initial acknowledgment: within 3 business days
• Triage decision: within 7 business days
• Fix timeline: depends on severity and complexity

After a fix is available, maintainers may publish a summary in CHANGELOG.md.