Please do not report security issues in public issues or discussions.
Use GitHub's private vulnerability reporting flow for this repository. Include:
- affected version or commit
- reproduction steps
- impact assessment
- any proposed mitigation
If private reporting is unavailable for any reason, contact the maintainer through a private channel on the repository hosting platform and reference this policy.
This public repo does not include hosted production infrastructure, billing systems, or private deployment automation. Reports should stay focused on the code, vendored artifacts, developer tooling, and local API/runtime surfaces shipped here.