If you discover a security vulnerability in Graft, please report it responsibly.

Do not open a public GitHub issue for security vulnerabilities.

Instead, please email: security@delavalom.com

You should receive a response within 48 hours. We will work with you to understand the issue and coordinate a fix before any public disclosure.

This policy covers the Graft library itself. Issues in upstream providers (OpenAI, Anthropic, Google, AWS) should be reported to those providers directly.