Security: danicyber1/agent-semantic-protocol

Security Policy

Supported Versions

We actively maintain the following versions of the Agent Semantic Protocol:

Version   Supported
v0.1      ✅ Fully supported
v0.2      ✅ Fully supported
< v0.1    ❌ No longer supported

Reporting a Vulnerability

If you discover a security vulnerability, please report it privately. Do not disclose it as a public issue.

How to Report

  1. Email: Send a detailed report to security@agent-semantic-protocol.org.
  2. GitHub Private Advisory: Use GitHub’s private vulnerability reporting feature.

What to Include

  • A detailed description of the vulnerability.
  • Steps to reproduce the issue.
  • Potential impact and severity.
  • Any suggested fixes or patches.

Response Time

We are committed to addressing security issues promptly:

  • Acknowledgment: Within 48 hours.
  • Patch Development: Critical vulnerabilities will be patched within 14 days.
  • Release: A new version will be released with the fix.

Out-of-Scope

The following are not considered security vulnerabilities:

  • Issues in unsupported versions.
  • Vulnerabilities in third-party dependencies (please report these upstream).
  • Misconfigurations in user environments.

Known Security Features

  • Ed25519 Signing: Ensures message authenticity and integrity.
  • Noise Protocol Encryption: Secures transport-level communication.
  • DID Binding: Decentralized identifiers for agent authentication.

Thank you for helping us keep the Agent Semantic Protocol secure! 🌟

There aren’t any published security advisories