| Version | Supported |
|---|---|
| 1.0.x | ✅ Yes |
| < 1.0 | ❌ No |

Please do not open a public GitHub issue for security vulnerabilities.
Report security concerns to:
📧 security@aiep.protocol (monitored; response within 72 hours)
Include in your report:
- A description of the vulnerability and its potential impact
- Steps to reproduce or proof-of-concept code
- The affected version(s) and component(s)
AIEP implementations follow a fail-closed security model:
- Hash integrity: All reasoning artefacts are bound by SHA-256 hash chains (FC v1.0.0). Any tampering causes immediate execution suppression.
- Append-only substrate: Evidence and Reasoning Ledgers are structurally immutable. No delete or update operations exist in the API.
- Deterministic replay: Outputs are independently verifiable from stored ledger entries without access to runtime internals.
- Zero external dependencies: Reduces supply-chain attack surface. All AIEP packages use `stdlib` only at runtime.
- Secrecy Layer (P05/GB2519802.9): Cryptographic access controls for classified substrates are governed by the AIEP Secrecy Layer spec.
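
A minimal sketch of the first three properties (SHA-256 hash chain, append-only ledger, replay-based verification that fails closed), added here as an illustration and not taken from the AIEP code base. The entry layout, the `GENESIS` value and all class and function names are assumptions; FC v1.0.0 may define these differently.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev-hash value for the first entry


class TamperError(Exception):
    """Raised when the chain does not verify; callers must not execute."""


def _digest(prev_hash: str, payload) -> str:
    # Canonical JSON so the same payload always hashes to the same value.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


class Ledger:
    """Append-only: exposes append and read, no update or delete."""

    def __init__(self):
        self._entries = []

    def append(self, payload: dict) -> str:
        prev = self._entries[-1]["hash"] if self._entries else GENESIS
        entry = {"prev": prev, "payload": payload, "hash": _digest(prev, payload)}
        self._entries.append(entry)
        return entry["hash"]

    def entries(self) -> list:
        return json.loads(json.dumps(self._entries))  # deep copy for readers


def verify(entries: list) -> str:
    """Recompute the chain from stored entries only; return the head hash."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e.get("prev") != prev or e.get("hash") != _digest(prev, e.get("payload")):
            raise TamperError(f"entry {i} fails hash check")
        prev = e["hash"]
    return prev


def execute_if_intact(entries: list, action):
    """Fail closed: any verification error, of any kind, suppresses the action."""
    try:
        verify(entries)
    except Exception:
        return None  # execution suppressed
    return action()
```

A chain of this shape detects modification, reordering and removal of earlier entries, but not removal of entries from the tail; catching that requires comparing the head hash returned by `verify` against a value pinned outside the ledger.
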
This policy applies to all Python and TypeScript packages in the AIEP monorepo:
- `aiep-*` Python packages (FC v1.0.0 kernel)
- `aiep-hub-validator` TypeScript package
- `AIEP-GENOME-SDK` reference implementation

Out of scope: the AIEP patent specification documents (.md files); these are legal/technical documents, not executable software.
SPDX-License-Identifier: Apache-2.0
© 2025–2026 Neil Grassby. All rights reserved.