SpecSmith security assumptions, threat inventory, controls, and hardening guidance are documented in:

• docs/security-threat-model.md

• Do not open a public issue for suspected vulnerabilities.
• Preferred private report channels:
  • GitHub Security Advisory: https://github.com/layer1labs/specsmith/security/advisories/new
  • Email: info@layer1labs.com
• Include affected version, impact, reproduction details, and suggested mitigations if available.

Security fixes are prioritized for the current release line. Older unsupported versions may not receive patches.