Please do not open a public GitHub issue for security-sensitive problems.

Instead:

• email the maintainer privately if you have a direct contact path
• or open a GitHub private security advisory if repository settings allow it

Include:

• a clear description of the issue
• impact and affected surfaces
• reproduction steps or proof of concept
• any suggested mitigation if known

• acknowledgement as soon as practical
• a private discussion if more detail is needed
• a coordinated fix and disclosure path when appropriate

Kosmos is local-first software, but security still matters for local HTTP APIs, workspace scanning, file handling, and integration adapters.