Security: coydevs/policyjar

Security Policy

Supported Use

This project includes telephony, routing, and credential-driven integrations. Assume secrets and environment values are sensitive by default.

Reporting a Vulnerability

Please do not publish live credentials, tokens, or exploit details in a public issue.

If you discover:

  • exposed API keys
  • leaked database credentials
  • auth bypasses
  • telephony abuse paths
  • billing or tenant-isolation issues

report them privately to the project maintainer first.

Secret Hygiene

  • Never commit real .env files.
  • Never hardcode provider credentials in scripts or tests.
  • Rotate compromised credentials immediately, even if the commit is later removed.
  • Treat old clones, backup bundles, forks, and stale remote branches as potentially sensitive until they are cleaned up.

There aren't any published security advisories