Thank you for helping keep EverOS and its users safe.

Please do not open a public GitHub issue for a security vulnerability.

Report suspected vulnerabilities privately through one of the maintainer contact channels listed in the README, or by opening a GitHub security advisory if that feature is available for the repository.

Include as much detail as you can:

• Affected component or path.
• Steps to reproduce.
• Impact and likely severity.
• Relevant logs, requests, responses, or screenshots.
• Suggested fix, if you have one.

Security reports are most useful for:

• EverCore API, storage, tenant isolation, and memory retrieval behavior.
• Authentication, authorization, or data exposure risks.
• Secret handling in examples, demos, and deployment files.
• Benchmark or use-case code that could execute untrusted input unsafely.

Maintainers will review reports and coordinate a fix before public disclosure when the issue is confirmed.