If you discover a security issue in ChittySchema, report it privately through the CHITTYFOUNDATION security channels instead of opening a public issue.

Include:

• affected endpoint, route, or package surface
• reproduction steps
• potential impact
• proposed remediation (if available)

This policy applies to:

• connectivity/api/* Cloudflare Worker routes and bindings
• schema generation and validation scripts under identity/scripts/
• published package artifacts under @chittyos/schema