We take security seriously and appreciate responsible disclosure.

• Email: security@lareview.dev
• Please include: affected version/commit, reproduction steps, impact, and any mitigation ideas.
• We aim to acknowledge reports within 3 business days.

• LaReview application and supporting tooling in this repository.
• Example agents/templates are in scope if they ship here; third-party services are out of scope.

• Triage and reproduce the issue.
• Decide on a fix and target release.
• Communicate status with the reporter until resolution.
• Credit reporters in release notes if desired.