Please do not disclose security issues in public GitHub issues.
Report suspected vulnerabilities or unsafe governance behavior to:
jw@nd.im
Include:
- affected package and version;
- minimal reproduction steps;
- expected vs. observed behavior;
- whether the issue affects receipt verification, approval binding, parser-pack decomposition, or action fingerprinting.
This repository does not include OSuite Studio's managed runtime, customer connectors, enterprise signers, or hosted evidence services.