Security: Enotrium/Osgiliath

SECURITY.md

Security Policy

Supported Versions

Version Supported
0.1.x

Reporting a Vulnerability

Osgiliath is a research-stage formal verification framework for Hyperdimensional Computing. While we take security seriously, this is not a production system.

If you discover a security vulnerability, please report it privately to enotrium@proton.me. Do not open a public GitHub issue.

We will acknowledge receipt within 48 hours and provide an estimated timeline for a fix.

Scope

  • In scope: Bugs in the Haskell type-level proofs, compiler IR, or property tests that could lead to incorrect verification results.
  • Out of scope: The Python Arthedain library (separate repo), hardware-level side channels, or denial-of-service via GHC.

Disclosure

We follow responsible disclosure: 90 days from notification to public disclosure, or immediately upon release of a fix.

There aren't any published security advisories