Report security concerns through the configured Veritas Labs security contact for this repository. Do not disclose suspected vulnerabilities publicly until a maintainer confirms remediation or risk acceptance.

Ironloom fails closed for missing or ambiguous Discord thread bindings, destructive actions without approval, missing SonarCloud bootstrap configuration, and runtime configuration that lacks required secret references.