MCP Runtime is currently alpha software. Security fixes are applied to the default branch and to the latest tagged release when a release tag is available.

Please do not open a public issue for a suspected vulnerability.

Use GitHub private vulnerability reporting or open a draft security advisory for Agent-Hellboy/mcp-runtime when that option is available. If private reporting is not available, contact the maintainer at princekroshan01@gmail.com and ask for a private coordination channel.

Include:

• affected commit, tag, or deployment version
• the component involved, such as CLI, operator, CRD, gateway, or Sentinel
• reproduction steps or a minimal proof of concept
• expected impact and any known mitigations

The maintainers will acknowledge valid reports as quickly as possible, assess impact, coordinate a fix, and publish disclosure notes once a remediation path is available.