Assay is security-critical infrastructure for AI agents. We take vulnerabilities seriously.
| Version | Status |
|---|---|
| v2.x | ✅ Supported |
| v1.x | |
| v0.x | ❌ EOL |
Do not report security issues through public GitHub issues.
Report privately:
- Email: security@assay.dev
- GitHub: Use "Report a vulnerability" tab
Response time: 24 hours acknowledgment, 72 hours triage.
Assay runs in untrusted environments (CI/CD, agent sandboxes).
| Category | Examples |
|---|---|
| Policy Bypass | Circumventing deny lists, regex constraints |
| RCE | Code execution via malicious config/trace |
| MCP Violations | Unauthorized tool calls through proxy |
| Evidence Tampering | Bundle modification, manifest spoofing |
| Terminal Injection | ANSI escape attacks in evidence explore |
- Physical access attacks
- DoS (lower priority than integrity)
- Social engineering
- Content-addressed bundle IDs (SHA-256)
- JCS canonicalization (RFC 8785)
- Verification gate before any processing
x-assay-sigextension field- Sigstore/Rekor transparency logging
- Trust policy enforcement
- Landlock (rootless containment)
- eBPF/LSM (kernel enforcement)
- Environment scrubbing
| Component | Protection |
|---|---|
| Crates.io | Trusted Publishing (OIDC) |
| PyPI | Trusted Publishing |
| Dependencies | cargo-deny audit in CI |
| Releases | GitHub Actions, no manual tokens |