Contact · Security disclosure

Report security findings directly and keep the reproduction crisp.

Use this page for vulnerability reports, signature validation issues, callback replay concerns, or data handling questions that need direct review.

What to include

Affected environment and endpoint

Clear reproduction steps

Expected vs actual behavior

Impact and any suggested mitigations

Disclosure channel

Send reports to the security contact route through the contact page for now. This prototype does not publish a PGP key or formal SLA yet, so keep reports concise and reproducible.

Go to contact →