# Security Policy ## Supported Versions This repository is currently in an early alpha stage. Security fixes are expected on: - the current `main` branch - the newest tagged pre-release, when one exists Older snapshots may not receive backported fixes. ## Reporting a Vulnerability Please do **not** open a public issue for a suspected security problem before the maintainer has had a chance to assess it. Preferred process: 1. Report the issue privately through your forge's private reporting workflow, if available. 2. If private reporting is not available, contact the maintainer through the repository owner profile first. 3. Include: - affected version or commit - reproduction steps - impact - any workaround, if known ## Scope Relevant security reports include: - credential or token leakage - unsafe network handling - update or packaging integrity issues - sandbox, entitlement, or macOS permission mistakes - malicious or unintended code execution paths Reports that are only stream-quality, broken station metadata, or ordinary playback bugs should go through the normal issue tracker.