If you discover a security vulnerability, please do not open a public issue. Contact the maintainers at security@localhost (replace with your contact email) or open a private/hidden issue on GitHub.

If you'd like, I can add a PGP key or GitHub security policy instructions.

• Do not commit .env or other credential files. A local .env file is in .gitignore.
• Use environment variables or secret managers for production deployments.