If you discover a security vulnerability in Prototyper UI, please report it responsibly.

Email: security@prototyper-ui.com

Please include:

• A description of the vulnerability
• Steps to reproduce
• Affected package(s) and version(s)
• Any potential impact assessment

• Acknowledgment: Within 48 hours of report
• Initial assessment: Within 5 business days
• Fix timeline: Depends on severity
  • Critical: Patch release within 7 days
  • High: Patch release within 14 days
  • Medium/Low: Next scheduled release

The following packages are in scope:

• @prototyperco/ui
• @prototyperco/cli
• @prototyperco/mcp
• @prototyperco/compose
• @prototyperco/machine-mode
• The documentation site at prototyper-ui.com

• Third-party dependencies (report upstream)
• Social engineering attacks
• Denial of service attacks

We follow coordinated disclosure. Please allow us reasonable time to address the issue before public disclosure. We will credit reporters in the release notes unless anonymity is requested.