The maintained public scope is the current main branch.
For security-sensitive findings, use GitHub private vulnerability reporting if it is enabled for the repository.
If private reporting is unavailable, open a minimal GitHub issue requesting a private contact path and do not post exploit details, credentials, payloads, or sensitive documents.
- issues outside the bounded source material
- unsupported runtime profiles
- preference disputes that are not correctness, traceability, or safety issues