Falsiflow is local-first. It reads local project, evidence, and source files and writes local reports and bundles.

Please report issues involving path traversal, unsafe bundle extraction, hash verification, provenance bypasses, or GitHub Action behavior through GitHub Security Advisories.

Do not attach private evidence files, credentials, model outputs, customer data, or unpublished lab data to public issues.