This repository is a specification only (no production code or runtime). There are no SLAs or security guarantees implied by this repo.

• For spec ambiguities, gaps, or safety concerns: open a GitHub Issue.
• Do not include private or sensitive data in issues.
• Vulnerability reports for sample JSON/snippets are out of scope; no executable release is maintained here.

If you implement the Assay Protocol:

• Follow your own org’s vuln disclosure and incident response processes.
• Treat any implementation as you would other security-sensitive infrastructure (logging, secrets management, review/approval of changes).