Report security issues privately to 1200km@gmail.com.

Do not open a public GitHub issue for a vulnerability.

Default coordinated disclosure window: 90 days.

This policy covers vulnerabilities in this repository's code, packaging, examples, and documentation. It does not cover third-party services, external APIs, or lab targets.