Security: hakanovski/MPL

SECURITY.md

🛡️ Security Policy (Warding Protocols)

The Magick Programming Language (MPL) takes the integrity of the ritual space seriously. Just as a physical protective circle must be unbroken, our codebase must be free of vulnerabilities that could allow for malicious invocations or system compromise.


🔒 Supported Versions

We currently support security updates for the following timelines (versions):

| Version | Status | Warding Level |
| --- | --- | --- |
| 0.1.x (Alpha) | Supported | High (Active Development) |
| < 0.1.0 | ❌ End of Life | Abandoned Timeline |

🚨 Reporting a Vulnerability

If you have discovered a security vulnerability (a "Crack in the Seal") within MPL, we appreciate your help in disclosing it to us responsibly.

PLEASE DO NOT open a public GitHub Issue for sensitive security vulnerabilities. Doing so may expose other users ("Practitioners") to immediate risk before a counter-spell (patch) is ready.

How to Report

Please email the lead maintainer directly at:
📧 [INSERT YOUR EMAIL HERE]
Subject: [SECURITY] MPL Vulnerability Report

Please include:

  1. Type of Breach: (e.g., Code Injection, Sandbox Escape, Memory Leak).
  2. The Incantation: Steps to reproduce the vulnerability (POC code).
  3. Impact: What can a malicious actor achieve with this?

⏳ Disclosure Policy

  • Acknowledgment: We will acknowledge your report within 48 hours.
  • Assessment: We will assess the severity and impact.
  • The Fix: We aim to release a patch (hotfix) within 14 days for critical issues.
  • Public Release: Once the fix is deployed, we will publicly thank you in our release notes (unless you prefer anonymity).

🚫 Out of Scope

The following are not considered security vulnerabilities:

  • User Error: A "Backfire" caused by a user writing a recursive loop that crashes their own machine (this is a failed ritual, not a system flaw).
  • Philosophical Disagreements: Arguments about the ontology of the "Magicians" database.
  • Theoretical Physics: Claims that the Tesla Protocol violates the laws of thermodynamics.

🛡️ Safe Harbor

If you conduct security research on MPL in good faith and follow this policy:

  • We will not initiate legal action against you.
  • We will work with you to understand and resolve the issue quickly.
  • We will recognize your contribution to the strengthening of the MPL architecture.

"Trust in the code, but verify the wards."

There aren’t any published security advisories