Please report security issues privately to the maintainers instead of opening a public issue.

Include:

• affected version or commit
• reproduction steps
• expected impact
• any suggested mitigation

Security response is prioritized for the launch-supported surface:

• Go server
• lifecycle HTTP API
• sdk/python/agent_space_sdk
• supported local Docker workflow in README.md