Please do not open public GitHub issues for security vulnerabilities.

Report vulnerabilities privately through GitHub Security Advisories for this repository. Include enough detail to reproduce the issue, the affected version, and any known workaround.

Security issues include unintended data exposure, unsafe file handling, dependency supply-chain risks, or behavior that violates the local-first privacy model.

opensmith does not intentionally send trace data to external services. Network activity should be limited to user code and the local dashboard unless explicitly initiated by the user.