Security: enkronos/guardmesh

SECURITY.md

Security Policy

GuardMesh is an early alpha project. Security reports are still welcome and useful.

Reporting a Vulnerability

Please do not open a public GitHub issue for suspected security vulnerabilities.

Instead:

  • contact the maintainers privately if a private contact channel is available
  • if no private channel is yet listed, open a minimal public issue asking for a private reporting route without disclosing details

Scope

Security reports are especially helpful for:

  • policy bypasses
  • unsafe parsing behavior
  • denial-of-service vectors in policy evaluation
  • incorrect decision semantics that could cause unsafe allow outcomes
  • unsafe supply-chain or packaging behavior

Response Expectations

Because GuardMesh is an alpha project, response times are best-effort. Even so, valid reports will be triaged and addressed as quickly as practical.

There aren’t any published security advisories