This project is currently pre-release and does not provide long-term support branches. The main branch is supported. After the initial public release, we will follow semantic versioning for stable releases.

Please report security issues privately and responsibly.

• Email: security reports may be sent to [email protected]
• Include: a detailed description, steps to reproduce, affected versions/commit, and any proof-of-concept.
• Do not disclose publicly until we’ve had a reasonable time to investigate and release a fix.

• We will acknowledge receipt within 3 business days.
• We aim to provide an initial evaluation within 10 business days.
• Fix timelines vary based on severity and complexity. Critical issues will be prioritized.

Once a fix is available, we’ll publish a security advisory in the repository and acknowledge reporters who wish to be credited.

We rely on upstream projects and libraries. If the vulnerability exists in a dependency, we’ll coordinate with maintainers where possible and track the fix via dependency updates.