AgentRail is pre-1.0 and ships from main. Security fixes land on main and
the latest published @useagentrail/cli release. Please run a current version
before reporting.
Do not open a public GitHub issue, pull request, or discussion for a security vulnerability. Public reports expose users before a fix is available.
Use one of these private channels instead:
- GitHub private advisory (preferred). Go to the Security tab of this repository and choose Report a vulnerability. This opens a private advisory visible only to you and the maintainers.
- Email. Send the report to egweybensigo@gmail.com with `SECURITY` in the subject line.
Please include:
- A description of the vulnerability and its impact.
- Steps to reproduce, or a proof of concept.
- Affected version, commit SHA, or `agentrail --version` output.
- Any suggested remediation, if you have one.
What to expect from us:
- Acknowledgement within 3 business days.
- An initial assessment and severity triage after we reproduce the issue.
- Coordinated disclosure: we will agree on a timeline with you, fix the issue privately, and credit you in the advisory unless you prefer to remain anonymous.
Thank you for helping keep AgentRail and its users safe.