To report a security vulnerability, please email security@hyperpolymath.org or open a private security advisory on GitHub.

Do not open public issues for security vulnerabilities.

• All dependencies are SHA-pinned in CI workflows
• CodeQL scanning enabled
• SPDX license headers on all source files
• No secrets or credentials in repository