Skip to content

Security: Bensigo/agentrail

Security

SECURITY.md

Security Policy

Supported versions

AgentRail is pre-1.0 and ships from main. Security fixes land on main and the latest published @useagentrail/cli release. Please run a current version before reporting.

Reporting a vulnerability

Do not open a public GitHub issue, pull request, or discussion for a security vulnerability. Public reports expose users before a fix is available.

Use one of these private channels instead:

  1. GitHub private advisory (preferred). Go to the Security tab of this repository and choose Report a vulnerability. This opens a private advisory visible only to you and the maintainers.
  2. Email. Send the report to egweybensigo@gmail.com with SECURITY in the subject line.

Please include:

  • A description of the vulnerability and its impact.
  • Steps to reproduce, or a proof of concept.
  • Affected version, commit SHA, or agentrail --version output.
  • Any suggested remediation, if you have one.

What to expect

  • Acknowledgement within 3 business days.
  • An initial assessment and severity triage after we reproduce the issue.
  • Coordinated disclosure: we will agree on a timeline with you, fix the issue privately, and credit you in the advisory unless you prefer to remain anonymous.

Thank you for helping keep AgentRail and its users safe.

There aren't any published security advisories