Security reports are welcome for the code and configuration currently present in this repository, including:

• FastAPI application code in src/app/
• DSPy modules and optimization pipeline in src/core/ and src/pipeline/
• container and deployment configuration in Dockerfile, docker-compose.yml, and k8s/

Please do not open public GitHub issues for suspected vulnerabilities.

Instead, report the issue privately to the maintainers using the contact information listed in README.md. Include:

• a clear description of the issue
• impact and affected components
• reproduction steps or proof of concept
• any suggested mitigation if available

• An initial acknowledgment as soon as practical
• Follow-up questions if reproduction details are incomplete
• A fix, mitigation, or documented risk decision depending on severity and scope

Please give maintainers reasonable time to investigate and address the issue before public disclosure.