Security fixes are applied to the main branch. This repository is a portfolio prototype, not a released clinical product, so older snapshots and branches are not maintained.

Please do not open a public issue for suspected secrets, dependency vulnerabilities, or security-sensitive behavior.

Report concerns privately through GitHub's security reporting flow if available, or contact the repository owner directly. Include:

• The affected component or file path.
• Steps to reproduce or validate the issue.
• Any dependency advisory identifiers, if relevant.
• Whether the issue affects local development only or the runtime application.

Scribe IQ uses synthetic data and is not intended for clinical decision-making. Security reports should focus on repository code, dependency exposure, local setup, CI, or runtime behavior in the demo application.