Security fixes target the latest commit on main until the project publishes tagged releases.

Please report vulnerabilities through GitHub private vulnerability reporting for this repository when available.

If private reporting is unavailable, open a GitHub issue with a minimal description and omit exploit details, credentials, tokens, or private transcripts. The maintainer will follow up in a private channel before public disclosure.

Do not include API keys, provider credentials, or sensitive benchmark outputs in public issues.