If you discover a security vulnerability in Powerbrain, please report it responsibly:

1. Do not open a public issue.
2. Use GitHub Security Advisories to report the vulnerability privately.
3. Include: description, reproduction steps, affected components, and potential impact.

• Acknowledgment: within 3 business days
• Assessment: within 7 business days
• Fix: depending on severity, typically within 14 days for critical issues

This policy covers the Powerbrain codebase and its Docker Compose deployment. Third-party dependencies (Qdrant, PostgreSQL, OPA, Ollama) should be reported to their respective maintainers.