Please do not create public issues for security vulnerabilities.

To report a vulnerability privately, use one of the following methods:

• Email: security@yourdomain.com (PGP key available upon request for encrypted reports)
• GitHub: Report a vulnerability via private security advisory

We aim to respond to all security reports within 72 hours.

• All changes must be submitted through Pull Requests.
• At least one human reviewer approval is required.
• All review conversations must be resolved.
• Force pushes to the main branch are prohibited.