Bundled documentation does not establish current support. Consult authenticated release metadata and the support matrix associated with the artifact. Security reports affecting this publication candidate are accepted through the private channel below.
The read-only product contract excludes unattended access to a terminal, repository, secret store, or production system; no version or support label broadens that boundary.
Authenticated release notes and the support matrix identify which immutable versions receive security updates. A version string or bundled document is not evidence that the version was published, remains available, or is currently supported.
Use GitHub's private vulnerability reporting for junit/structured-thinking. Include the affected version, the smallest reproducer, expected safe behavior, observed behavior, and whether data loss or unsafe tool use occurred. Do not open a public issue containing credentials, private prompts, or exploitable details.
Maintainers should acknowledge a report within five business days. Acknowledgement is not a resolution commitment; severity and remediation timing depend on reproducibility and impact.
The Plugin provides read-only communication, incident analysis, and decision analysis. It must not imply permission to:
- discard uncommitted or untracked files;
- run destructive Git commands;
- alter remote branches or releases;
- access production systems or secrets;
- convert an unverified hypothesis into a confirmed root cause.
Any future tool-executing companion must have its own permission contract, reversible operations, dirty-worktree tests, and security review.