Security reports are accepted for this repository's active code in:

• operon-rs/
• tui/
• gui/

Please report vulnerabilities privately to the maintainers.

• Do not open a public issue for a suspected security vulnerability.
• Include reproduction steps, impact, and affected paths.
• If possible, include a minimal proof of concept.

• Initial acknowledgement: within 7 days
• Triage and severity assessment: as soon as reproducible
• Fix timeline: based on severity and exploitability

Public disclosure should occur only after a fix is available or maintainers approve disclosure.