Recallant is pre-release security-sensitive software because it stores development context, decisions, source references, and agent memory.
Do not open public issues containing secrets, tokens, private server paths, raw memory exports, database dumps, customer data, or sensitive project history.
For now, report security concerns privately to the project owner through GitHub profile contact channels. A dedicated disclosure address can be added before the first stable release.
Security design and defaults are documented in docs/SECURITY.md.