Security: optimizedwf/towerforge

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in TowerForge, please report it privately rather than opening a public issue.

Email: adam@adamn.info

Please include:

  • A description of the vulnerability
  • Steps to reproduce
  • Affected versions
  • Any potential mitigations you've identified

Scope

Security concerns relevant to TowerForge include:

  • Part number validation bypasses that could allow hallucinated SKUs into BOMs
  • Schema validation gaps that could produce malformed construction documents
  • Data injection via file loaders (CSV, PDF, XLSX parsers)
  • Dependency vulnerabilities affecting the SDK or tool runtime

Supported versions

Version    Supported
1.x.x      ✅ Yes

Response timeline

  • Acknowledgment: Within 48 hours
  • Assessment: Within 5 business days
  • Fix: Depends on severity — critical issues patched ASAP

Thank you for helping keep TowerForge secure.

There aren't any published security advisories