Before 1.0, security fixes are only guaranteed on the latest code on main and the most recent published CLI and tray releases.

Please do not open a public GitHub issue for exploitable bugs.

Prefer GitHub's private vulnerability reporting flow if it is enabled for this repository. If private reporting is not available, contact a maintainer privately with:

• a short description of the issue
• affected components or paths
• reproduction steps or proof of concept
• any suggested remediation

We will validate the report, work on a fix, and coordinate disclosure once a patch is available.