Platform status: Production-Oriented Platform Under Active Development
This file defines how to report potential security vulnerabilities in this repository and how reports are handled.
Implementation-oriented security notes live in docs/SECURITY.md.
mainis the supported branch for security fixes and disclosure coordination.
If you believe you found a vulnerability:
- Do not publish exploit details publicly before maintainers review.
- Open a GitHub issue with minimal sensitive detail and label it as security-related.
- Include reproducible steps, affected paths, and impact assessment.
- If sensitive data must be shared, keep the public issue minimal and coordinate follow-up with maintainers.
Current disclosure path in this repository:
- GitHub Issues in this repository
No dedicated external security mailbox is declared in this repository at this time.
- Affected component or path
- Preconditions
- Reproduction steps
- Potential impact
- Suggested mitigation (if known)
Maintainers will triage and classify reports as quickly as possible.
Detailed workflow is documented in docs/SECURITY_RESPONSE_PROCESS.md.
Product security features and controls are documented separately from disclosure workflow. See docs/SECURITY.md for implementation-oriented security notes.