Security fixes cover the current main branch and the GitHub Release assets
generated from protected v* tags. Strongclaw does not publish to PyPI or a
hosted production deployment path today.
Use GitHub private vulnerability reporting or contact the maintainer listed in
pyproject.toml. Do not put secrets, live credentials, exploit payloads, or
private environment dumps in public issues.
Useful context for a report:
- affected component or workflow
- expected vs. observed behavior
- minimal reproduction steps
- whether the issue affects release artifacts, CI/CD policy, packaged runtime assets, plugins, or local operator secrets
Read these docs before changing sensitive areas: