The latest main branch is supported for security fixes.

Please report vulnerabilities privately to:

• security@sentientwave.com

Include:

• affected component(s)
• reproduction steps
• impact assessment
• optional mitigation suggestions

We will acknowledge receipt as soon as possible and coordinate remediation and disclosure.

• Please do not disclose vulnerabilities publicly until a fix is available.
• We aim for coordinated disclosure after remediation.

This policy applies to:

• Automata core runtime
• Web/API surface
• Deployment scripts and container packaging

Out-of-scope examples:

• third-party service outages
• unsupported local modifications
• known risks already documented in project docs/license