Security fixes target the latest released version of Fabric. Upgrade to the latest release before reporting behavior that may already be fixed.

Do not open a public issue for a suspected vulnerability. Report it privately through a GitHub security advisory for this repository, or email lfaddourado@gmail.com if private reporting is unavailable.

Include the affected version, impact, reproduction steps, and any suggested mitigation. Do not include real repository credentials, private source code, prompts, transcripts, or decrypted Fabric payloads.

Fabric Local V1 trust claims are declarative rather than cryptographic. Reports should distinguish a documented trust limitation from an implementation flaw that violates the protocol or exposes data unexpectedly.