We are optimizing for very fast iteration, but security bugs still matter.

How to report a security issue

• Please do not open public issues for credential leaks, auth bypasses, remote code execution, or sensitive deployment flaws.
• Instead, contact the maintainer privately first and include:
  • what is affected
  • how to reproduce it
  • impact
  • any suggested mitigation

Current security posture

• This project is under active development.
• Public deployment hardening is a top near-term priority.
• Until the auth/public deployment layer is fully shipped, do not assume every preview/demo environment is production-hardened.

Response target

• Initial triage target: within 24 hours
• Critical issues should be acknowledged and prioritized immediately after confirmation