# Security Policy

## Supported Versions

Security updates are provided on a best-effort basis for the latest state of the `main` branch.

## Reporting a Vulnerability

Please do not report security issues in public GitHub issues.

Use GitHub private vulnerability reporting:

- https://github.com/eggent-ai/eggent/security/advisories/new

Include:

- affected component and version/commit
- clear reproduction steps or proof of concept
- impact assessment
- suggested mitigation (if known)

## Response Process

- initial acknowledgment target: within 72 hours
- status updates: as investigation progresses
- fix and disclosure timing: depends on severity and exploitability