Security reports should target the canonical monorepo:

• https://github.com/mapleleaflatte03/meridian

Archived mirrors are read-only and should not be used for new security reporting.

Use GitHub private vulnerability reporting:

• https://github.com/mapleleaflatte03/meridian/security/policy

Do not open public issues for exploitable vulnerabilities before maintainers triage and patch.

1. Affected module(s): loom/, kernel/, intelligence/
2. Reproducible steps and minimal payload
3. Impact assessment (confidentiality/integrity/availability)
4. Suggested mitigation or hardening idea (if available)

• Initial acknowledgment target: 72 hours
• Triage status update target: 7 days
• Public disclosure only after patch or explicit maintainer approval