Please report security issues privately to the maintainers before public disclosure.
Do not include secrets, access tokens or private deployment details in public issues.
The project treats these areas as security-sensitive:
- command authorization hooks
- bridge authentication
- task execution requests from external systems
- persistent task history
- logs and event payloads