Active development happens on the main branch. Only the latest commit on main receives security updates.

If you discover a security vulnerability, please email security@steam-idle-bot.local with the following details:

• A clear description of the issue
• Steps to reproduce
• Any proof-of-concept code or logs that demonstrate the impact

Please do not open a public issue. We aim to acknowledge reports within 5 business days and will coordinate on a fix and disclosure timeline with you.

If you prefer encrypted communication, share your public key in the initial email and we will respond with an encrypted channel.