Security fixes are applied to the current main branch and the latest released 0.x line.

Use a private GitHub Security Advisory for any suspected vulnerability. Include:
- affected files or commands
- reproduction steps
- impact summary

We will triage reports as soon as practical, confirm impact, and coordinate a fix before public disclosure when needed.

Dependency changes should be reviewed with the same care as code changes, especially when they affect CLI parsing, generated Dockerfiles, or benchmark execution.