Please do not open a public GitHub issue for security-sensitive reports.

Email security@hcompany.ai with:

• a description of the issue,
• a minimal reproduction (code snippet, request transcript, or steps),
• your assessment of the impact.

We aim to acknowledge new reports within two business days and to ship a fix or mitigation within thirty days for confirmed issues. We'll credit reporters in the release notes unless you'd rather stay anonymous.

Only the latest published release on PyPI is supported. Older versions don't receive security backports — pin to a version range that lets you upgrade.