Security: raychaser/beadsx

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in BeadsX, please report it responsibly:

  1. Do NOT open a public issue for security vulnerabilities
  2. Email: Send details to the maintainer via GitHub's private vulnerability reporting feature, or open a private security advisory
  3. Include: Description of the vulnerability, steps to reproduce, and potential impact

Response Timeline

  • Acknowledgment: Within 48 hours
  • Initial assessment: Within 7 days
  • Fix timeline: Depends on severity, typically within 30 days for critical issues

Scope

This security policy applies to:

  • The BeadsX VSCode extension
  • The source code in this repository

Out of Scope

  • The bd CLI tool (report issues to the beads repository)
  • Third-party dependencies (report to respective maintainers)

Supported Versions

Version Supported
0.2.x
< 0.2

There aren't any published security advisories