Please do not open a public GitHub issue for security reports.
Use GitHub's private vulnerability reporting for this repository when it is available. If private reporting is not enabled yet, contact the maintainers through GitHub without posting exploit details publicly.
Include, if possible:
- a clear description of the issue
- affected versions or commit hashes
- reproduction steps or a proof of concept
- impact assessment
We will try to acknowledge reports within 5 business days.
This policy applies to the code in this repository, including the Electron app, the bundled FastAPI backend, and project-specific integrations layered on top of vendored third-party components.