Do not open a public issue for security vulnerabilities.

Please report security issues by emailing security@modelrelay.io. Include:

• A description of the vulnerability
• Steps to reproduce or a proof of concept
• The affected version(s)
• Any potential impact assessment

• Acknowledgment: within 72 hours of report
• Initial assessment: within 5 business days
• Critical severity patches: target release within 7 days of confirmation
• Non-critical fixes: included in the next scheduled release

We will coordinate disclosure timing with you and credit reporters in the release notes unless anonymity is requested.