We take security seriously and appreciate responsible disclosure.
- Email: security@lareview.dev
- Please include: affected version/commit, reproduction steps, impact, and any mitigation ideas.
- We aim to acknowledge reports within 3 business days.
- LaReview application and supporting tooling in this repository.
- Example agents/templates are in scope if they ship here; third-party services are out of scope.
- Triage and reproduce the issue.
- Decide on a fix and target release.
- Communicate status with the reporter until resolution.
- Credit reporters in release notes if desired.