If you discover a security vulnerability in Elvis, please report it privately so we can address it before disclosing publicly.

Preferred contact: open a confidential issue and set the report as private, or email the maintainers at security@yourdomain.example (replace with a real address for production). Include steps to reproduce, affected versions, and any mitigations.

We will respond within 5 business days and follow up until the issue is resolved. After a fix and coordinated disclosure, we will publicly disclose the issue with attribution as appropriate.

Documentation Standards (brief): When documenting security-related procedures (e.g., reporting or mitigation steps), include PDL pseudocode and a short flowchart (Mermaid) to make the process clear and accessible.