Please report security issues privately through GitHub Security Advisories or direct maintainer contact.

• local access controls and single-user mode enforcement
• API surface and request validation
• OpenAI integration and secret handling
• launchd/runtime deployment scripts

Please avoid public exploit disclosure before a fix is published.