We aim to keep the main branch secure. If you find a vulnerability, please report it against the latest commit on main.

• Email: security@readingroom.dev
• Include: steps to reproduce, affected area, and any relevant logs or PoCs
• Expectation: we will acknowledge reports within 5 business days and provide a remediation plan or status update within 10 business days.

Please avoid filing public issues for security reports until we coordinate a disclosure plan.