We appreciate responsible disclosure to keep the Noēsis community safe.

• Use GitHub’s Private Vulnerability Reporting for this repository (preferred).
• If that is unavailable, open a GitHub Security Advisory draft for the repo.
• Avoid filing public issues for security findings.

• Description of the issue and potential impact
• Steps to reproduce (PoC or minimal repro)
• Affected versions/commits if known

• Acknowledgement within 3 business days
• Triage and remediation plan within 10 business days for confirmed issues
• We will coordinate disclosure timing and credit with you after a fix is available.

• The noesis Python package and this repository’s code and workflows
• Example assets and docs are in-scope if they can lead to a security issue in Noēsis usage

Thank you for helping keep Noēsis secure.