Security: lif0/pkg

SECURITY.md

Security Policy

Supported Versions

Version Supported
pkg/sync@v1.x.x
pkg/concurrency@v1.x.x
pkg/utils@v1.x.x

Reporting a Vulnerability

If you discover a security vulnerability in this repo, please report it responsibly. We appreciate your efforts to disclose issues privately and allow us time to respond before any public disclosure.

How to Report

  • GitHub Security Alerts: If enabled, you can also submit via GitHub's private vulnerability reporting feature (available in repository settings under Security > Vulnerability reporting).
  • Include details: Provide a clear description of the vulnerability, steps to reproduce it, potential impact, and any proof-of-concept code (if safe to share). Do not include exploits in public issues.
  • Create a GitHub Issue: Alternatively, if email or private reporting isn’t an option, create a GitHub Issue with a clear title and description. Ensure you apply the security label to the issue to flag it appropriately. Avoid sharing sensitive details publicly unless advised.

Response Timeline

  • Acknowledgment: We aim to acknowledge your report within 2 days.
  • Initial Assessment: We'll evaluate the issue and provide an update within 7 days.
  • Resolution: If accepted, we'll work on a fix and release it in a timely manner, typically within 30-90 days depending on severity. You'll be credited in the release notes unless you prefer anonymity.
  • Declined Reports: If the report is declined (e.g., not a vulnerability or out of scope), we'll explain why and suggest alternatives if applicable.

There aren’t any published security advisories