YAI is under active structural development and refoundation.

Security-sensitive behavior, trust boundaries, and enforcement paths are still being consolidated as part of the OS-like runtime restructuring.

Do not assume that all repository areas currently provide production-grade security guarantees.

Security work in this repository is tied to:

• runtime authority and enforcement
• supervision and control-plane attachment
• state/evidence traceability
• boundary hardening across governed domains

Security reporting workflow is not yet finalized in this root document. Until a dedicated policy is published, security-sensitive issues should be handled conservatively and privately by the repository maintainer.