This repository accepts security reports for:

1. Python package runtime and library surfaces (src/zpe_neuro).
2. Repo-local verification and gate scripts (tools/).
3. CI and release pipeline configurations.

Please report vulnerabilities privately to the project owner with:

1. A clear impact summary.
2. Reproduction steps or proof-of-concept.
3. Affected versions/commit ranges.
4. Suggested remediation when available.

Send reports to architects@zer0pa.ai.

1. Initial acknowledgement: within 5 business days.
2. Triage and severity classification: within 10 business days.
3. Remediation timeline: shared after triage.

Public disclosure should be coordinated after a fix is available.