If you discover a vulnerability, please do not open a public issue.

Report it privately via GitHub Security Advisories. I'll respond on a best-effort basis and work with you on a fix and disclosure timeline.

In scope: the coide application code in this repository. Out of scope: vulnerabilities in upstream dependencies (Electron, Claude CLI, node-pty) — please report those to their respective maintainers.