Please do not open a public issue for suspected security vulnerabilities.
Use the repository's private vulnerability reporting path if it is enabled. Otherwise, contact the maintainers through a non-public channel listed on the repository.
When reporting a vulnerability, include:
- affected version or commit
- reproduction steps
- impact summary
- any known mitigations or workarounds

This repository packages the standalone co-memory research kernel.
Security-sensitive host responsibilities remain outside this package boundary, including:
- authority database hosting
- runtime hosting and API serving
- integration-specific secret management
- deployment-specific transport and access controls

Reports that cross the host boundary are still useful when they show a package-level contract or behavior issue.