Skip to content

Security: paywqiao-max/agent-runtime-specification

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in the ARS specification or its reference implementations, please do NOT open a public issue.

Instead, send a description to the project maintainers. We will acknowledge receipt within 48 hours and provide a timeline for resolution.

Scope

This security policy covers:

  • The ARS Bootstrap Specification (Ch1–Ch9)
  • The reference implementation (implementations/python/)
  • Documented contracts and invariants

Out of Scope

Vulnerabilities in:

  • Downstream projects using the Python reference implementation
  • Third-party dependencies
  • Agent platforms (runtimes (Python Reference Implementation, Codex CLI), etc.)

There aren't any published security advisories