Do not open a public issue for security reports.

Email security@hybridops.tech with:

• A clear description of the vulnerability and its potential impact
• Reproduction steps or a minimal proof of concept
• The affected version, commit, or tag and the environment in which it was observed

We acknowledge all reports within 5 business days and will coordinate a fix and disclosure timeline with you. Credit is given to reporters in release notes unless you request otherwise.

This policy covers the hyops CLI, drivers, modules, and packs shipped in this repository. Configuration examples and documentation are out of scope for vulnerability reports but we welcome corrections via the normal issue tracker.