Security: vtex-apps/search-graphql

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in this project, please do not open a public GitHub issue.

Report it privately to the VTEX security team:

Email: security@vtex.com

Please include:

  • A description of the vulnerability and its potential impact
  • Steps to reproduce the issue
  • Any relevant logs, screenshots, or proof-of-concept code

We will acknowledge receipt within 5 business days and aim to resolve critical issues within 30 days.

Supported Versions

Only the latest published version of this app is actively supported with security fixes.

Scope

This policy covers the GraphQL schema and supporting tooling in this repository. Note that this is a schema-only repository — runtime resolver behavior lives in vtex.search-resolver, and the IS backend in vtex.intelligent-search-api. Issues that involve runtime behavior should also be reported against those repositories. Runtime infrastructure operated by VTEX is outside this scope and should be reported via the same email.

There aren't any published security advisories