If you discover a security vulnerability, please report it responsibly.

Do not open a public issue. Instead, email security@codespar.dev with:

• A description of the vulnerability.
• Steps to reproduce.
• Affected versions.

• 48 hours — We will acknowledge your report.
• 7 days — We will provide an initial assessment.
• 30 days — We aim to release a fix for confirmed vulnerabilities.

We appreciate your help in keeping CodeSpar secure.