SZL Holdings takes the security of its software seriously. If you believe you have found a security vulnerability in this repository, please report it responsibly.

• Contact: security@szl-holdings.dev (or stephenlutar2@gmail.com)
• Do not open a public issue for security-sensitive reports.
• Responsible disclosure period: 90 days from acknowledgement before public disclosure, coordinated with the reporter.

We will acknowledge receipt within 3 business days and provide a remediation timeline.

Releases are built with SLSA provenance (L1 honest) and SBOMs (CycloneDX). Container images and release artifacts are signed with Sigstore cosign. The cosign public key fingerprint is published in the release notes.

Doctrine v11 LOCKED 749/14/163 · Λ Conjecture 1 · Sovereign-default preserved.