Edition is the heir-template repository for the Alex_ACT constellation. The static-fetch model in docs/adrs/ADR-009-extension-github-fetch-brain.md means every Edition release fetched by the VS Code Marketplace Extension lands directly in heir workspaces on the next upgrade. That makes Edition a high-value supply-chain target.
The accepted risk explicitly stated in ADR-009:
Compromised Edition repo ships compromised brain to every heir on next upgrade.
Mitigations in place:
- Branch protection on
mainwith required reviews - GitHub Release published with
--target <commit-sha>to pin the release object to a specific SHA (not a moving branch) - Edition Contract manifest (
.github/config/edition-manifest.json, spec 1.4+) validated by the Extension before any destructive install op min_extension_versionfloor in the manifest prevents older Extensions from installing a contract they don't understand
This policy is how you report a suspected violation of those controls.
In order of preference:
- GitHub private vulnerability reporting —
Securitytab →Report a vulnerability. Routes to the maintainer without public disclosure. - Email —
fabio@correa.iowith[ACT-SECURITY]in the subject line. - Inbound feedback channel — write a file to
Alex_ACT_Memory/feedback/with frontmattercategory: securityandseverity: high|criticalper the Alex_ACT_Memory SCHEMA. Only viable for users who already have AI-Memory wired (most active heirs).
Do not open a public issue or PR for security reports. Sanitize any logs you attach (strip secrets, paths with usernames, internal repo URLs).
| Severity | Maintainer ack | First mitigation update |
|---|---|---|
| Critical (active compromise, brain payload tampering, manifest bypass) | 24 hours | 72 hours |
| High (privilege escalation, supply-chain risk, data exposure in shipped brain) | 48 hours | 7 days |
| Medium / Low | 7 days | next Edition release |
Single-curator project — SLA is best-effort, not contractual.
- Tampered brain content shipping through the Extension fetch (skill/instruction/prompt/agent file bytes differ from the tagged release)
- Edition Contract manifest values that the Extension trusted but turn out wrong (
min_extension_version,brain_subtrees,marker_schema) - Brain artefacts that bypass
system-prompt-skepticism.instructions.mdorpii-memory-filter.instructions.mdin a reproducible way - Credentials, tokens, PII, or real client names committed anywhere in this repo
- Compromise of the Edition release tag chain (force-pushed tags, unsigned commits on
main, release object pointing at unexpected SHA)
- VS Code Extension surface (
extension.js, manifest, walkthrough, signing): report to Alex_ACT_Extension/SECURITY.md - Curator / framework / shared-core authorship (
act-pass,epistemic-calibration, etc.): report to Alex_ACT_Supervisor/SECURITY.md - Plugin Mall content: report to that plugin's upstream first; the Mall is a curated catalog, not the author of plugin content
In scope:
- This repo (
Alex_ACT_Edition) — brain content shipped to heirs - The Edition release tag chain on
main - The Edition Contract manifest schema as consumed by Extension v9.4.0+
Out of scope:
- Heir projects deployed from Edition (those are user-owned)
- The Extension's host code (route to Extension repo)
- Third-party Mall plugins
This project ships under PolyForm-Noncommercial-1.0.0. The security policy applies regardless of license terms.
This policy is decoration if 12 months pass with zero security reports AND no incident occurred. Re-evaluate by 2027-06-10. If decoration is the verdict, sunset and replace with a one-paragraph ## Security section in README.md.