Only the latest main branch and tagged releases are actively supported and reviewed for security issues.
Older versions are provided as-is without any security guarantee.

If you discover a potential vulnerability, please report it privately.

• Email: [email protected] (preferred)
• GitHub: use the “Private vulnerability report” option under Security → Advisories
• Do not create public issues or pull requests for unresolved vulnerabilities.

1. Reports are acknowledged within 72 hours.
2. A maintainer will contact you for technical details and reproduction steps.
3. A fix or mitigation will be prepared and reviewed privately.
4. Once resolved, a public advisory and changelog entry will be published.
5. Researchers may be credited (if they wish) after coordinated disclosure.

• Follow responsible disclosure practices.
• Do not perform unauthorized testing on live systems.
• Avoid denial-of-service, spam, or social engineering tests.
• Respect privacy and data ownership at all times.
• For deterministic safety tests, use offline or sandbox environments only.

Security review applies to:

• paxect_selftune_plugin.py — runtime control engine
• demo suite (01–07) — safe demonstration modules
• integration hooks used by CI/CD or external controllers

External tools or libraries (e.g., NumPy) are covered only under their own licenses.

For any responsible disclosure or security questions:

📧 [email protected]

All reports are handled confidentially and fairly by the maintainers.

© 2025 PAXECT Systems — Secure deterministic runtime control for modern enterprise workloads.