This repository provides local development patterns and command references. It is not a production-hardened platform.

Please do not open public issues for sensitive vulnerabilities.

Instead, contact maintainers privately with:

• affected file/path,
• reproduction steps,
• impact assessment,
• suggested fix (if available).

You should receive an acknowledgment within 3 business days.

• Never commit .env files, credentials, tokens, or connection strings.
• Treat bootstrap scripts as templates and replace sample passwords.
• Rotate any secret immediately if accidentally exposed.