This project is an MVP. Security fixes target the latest main branch.

Please report vulnerabilities privately through GitHub Security Advisories for this repository when available. If advisories are unavailable, contact the repository owner through GitHub.

Include:

• Affected version or commit
• Reproduction steps
• Potential impact
• Suggested mitigation, if known

• The default runtime does not require paid external APIs.
• Do not commit API keys, access tokens, source data credentials, or private datasets.
• Copy .env.example to .env for local secrets; .env is ignored by Git.
• SQLite files are ignored by default and should not be committed.
• Real notifier implementations should load secrets from environment variables or a secret manager.