This repository ships a reference UBL kernel and trust primitives.

If you find a vulnerability, please contact maintainers privately.

• Set UBL_API_KEY in production.
• Run behind TLS.
• Restrict registry mutation endpoints.
• Rotate signing keys and keep them offline when possible.