This repository is a simulation/research codebase. Security concerns still matter, especially for dependency and supply-chain risks.
Please report suspected vulnerabilities privately by opening a private security advisory in your hosting platform (if enabled) or by contacting maintainers directly before public disclosure.
When reporting, include:
- Affected file(s) and version/commit context
- Reproduction steps
- Impact assessment
- Proposed mitigation (if available)
- Do not open public exploit details before maintainers have time to assess.
- Coordinated disclosure is preferred.
- Performance disagreements
- Scientific interpretation disputes
- Non-security bugs (file a normal issue/PR)