Current validated public scope is the GLM stable profile documented in:

• docs/FIRST_RELEASE.md

Experimental/non-default paths may change quickly and should not be treated as production-stable commitments.

Please report vulnerabilities privately by email:

• hmbown@gmail.com

Include:

• affected file/module and commit hash if known
• reproduction steps
• potential impact
• any logs or traces needed to reproduce

• Initial acknowledgement target: within 3 business days.
• Triage outcome target: within 7 business days.
• Fix timeline depends on severity, exploitability, and release risk.

Please avoid public disclosure until triage is complete and a mitigation plan exists.