fix readme and crate metadata, add security policy for security.txt

Cargo.toml

@@ -8,8 +8,8 @@ edition = "2021"
 license = "Apache-2.0"
 homepage = "https://ore.supply"
 description = "ORE liquid staking token."
-documentation = "https://docs.rs/ore-api/latest/ore_api/"
-repository = "https://github.com/regolith-labs/ore"
+documentation = "https://github.com/regolith-labs/ore-lst#readme"
+repository = "https://github.com/regolith-labs/ore-lst"
 readme = "./README.md"
 keywords = ["solana"]
 

README.md

@@ -6,8 +6,8 @@ ORE liquid staking token (stORE).
 ## API
 - [`Consts`](api/src/consts.rs) – Program constants.
 - [`Error`](api/src/error.rs) – Custom program errors.
-- [`Event`](api/src/error.rs) – Custom program events.
 - [`Instruction`](api/src/instruction.rs) – Declared instructions and arguments.
+- [`Sdk`](api/src/sdk.rs) – Instruction builders for clients.
 
 ## Instructions
 

SECURITY.md

@@ -0,0 +1,20 @@
+# Security policy
+
+## Supported versions
+
+Security updates apply to the latest commit on the default branch of this repository and to deployed program versions the maintainers currently support. Older revisions may not receive backports.
+
+## Reporting a vulnerability
+
+Please report security issues privately so they can be addressed before public disclosure.
+
+- **Email:** hardhatchad@gmail.com  
+- **Discord:** hardhatchad (as listed in the on-chain security.txt for this program)
+
+Include a clear description of the issue, affected components (program, API crate, CLI), and steps to reproduce if applicable. We aim to acknowledge reports within a few business days.
+
+Please do not open a public GitHub issue for undisclosed vulnerabilities.
+
+## Disclosure
+
+After a fix is available, we may coordinate public disclosure with the reporter. Credit will be offered if desired.