Security: kevin046/VibeShield

SECURITY.md

Security Policy

Supported Versions

The VibeShield Security Framework follows semantic versioning. Security patches are applied to the latest release branch.

Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security issue in the VibeShield Security Framework, please report it responsibly.

Do NOT open a public GitHub issue.

Instead, report vulnerabilities via:

  1. GitHub Security Advisories: Use the Security tab on this repository (recommended)

What to Include

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact assessment
  • Any proof-of-concept code (encrypted preferred)

Response Timeline

Severity                            Initial Response   Patch Target
Critical (RCE, data exfiltration)   24 hours           48 hours
High (privilege escalation)         48 hours           7 days
Medium (information disclosure)     72 hours           14 days
Low (best practice violation)       1 week             Next release

What to Expect

  1. We will acknowledge receipt within the timeline above
  2. We will investigate and determine severity
  3. We will coordinate a disclosure timeline with you
  4. Credit will be given in the release notes (unless anonymity is requested)

Security Architecture

The VibeShield Security Framework is designed with the following threat model:

In Scope

  • Container escape via Podman misconfiguration
  • Network egress from sandboxed agents
  • Data leakage through shared resources (CPU side-channels, memory)
  • Compromised agent logic attempting privilege escalation
  • Supply chain attacks via malicious base images

Out of Scope

  • Physical access to host hardware
  • Kernel-level exploits (mitigated by keeping the host updated)
  • Social engineering of operators

Trust Boundaries

Untrusted Zone         Semi-Trusted Zone         Trusted Zone
(Agent Code)           (Podman Runtime)          (Host + Escrow)
┌──────────┐           ┌──────────────┐          ┌───────────────┐
│ Agent LLM│──network──│ Rootless Pod │──socket──│ Escrow Engine │
│ Tools    │  isolate  │ crun runtime │  quadlet │ Rs Scoring    │
│ Payload  │  drop all │ seccomp      │  systemd │ Settlement    │
└──────────┘  caps     └──────────────┘          └───────────────┘

Supply Chain

  • Base images are built from scratch using FROM scratch + minimal package install
  • All dependencies are pinned with hash verification in requirements.txt
  • Containerfile uses COPY --chown to prevent privilege escalation during build
  • No multi-stage build secrets leak (build arguments are not persisted)
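As an added example (not tooling from the VibeShield repository), the script below audits a requirements.txt for the property stated above: every requirement pinned with == and carrying a well-formed --hash, with editable installs and included files flagged because they cannot be hash-verified. The sample files are constructed.

```python
import re

COMMENT_RE = re.compile(r"(^|\s+)#.*$")   # pip's rule: '#' comments only at start or after whitespace
PIN_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]*\])?\s*==\s*[^\s;]+")
HASH_RE = re.compile(r"--hash=(sha256|sha384|sha512):([0-9a-fA-F]+)")
DIGEST_LEN = {"sha256": 64, "sha384": 96, "sha512": 128}   # hex digits per algorithm
UNVERIFIABLE = ("-e ", "--editable", "-r ", "-c ", "--requirement", "--constraint")

def _logical_lines(text):
    """Yield one logical requirement per item, joining backslash-continued lines."""
    buf = []
    for raw in text.splitlines():
        line = COMMENT_RE.sub("", raw).rstrip()
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        joined = " ".join(buf + [line]).strip()
        buf = []
        if joined:
            yield joined

def audit_requirements(text):
    """Return (requirement, problem) pairs; [] means all pinned with == and hashed."""
    problems = []
    for line in _logical_lines(text):
        if line.startswith(UNVERIFIABLE):
            problems.append((line, "editable/included file: cannot be hash-verified here"))
        elif line.startswith("-"):
            pass                          # other pip options such as --index-url
        elif not PIN_RE.match(line):
            problems.append((line, "not pinned with =="))
        elif not (hashes := HASH_RE.findall(line)):
            problems.append((line, "no --hash given"))
        else:
            for algo, digest in hashes:
                if len(digest) != DIGEST_LEN[algo]:
                    problems.append((line, f"malformed {algo} digest"))
    return problems

# Constructed sample files (not taken from the VibeShield repository).
SAMPLE_OK = ("requests==2.31.0 \\\n    --hash=sha256:" + "0f" * 32 + " \\\n"
             "    --hash=sha256:" + "e1" * 32 + "\npyyaml==6.0.1 --hash=sha256:" + "9c" * 32 + "\n")
SAMPLE_BAD = ("requests>=2.0\n"                               # range, not a pin
              "pyyaml==6.0.1\n"                               # pinned but unhashed
              "-e git+https://example.invalid/x.git#egg=x\n"  # editable install
              "cryptography==42.0.0 --hash=sha256:abc\n")     # truncated digest

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, audit_requirements(sample) or "clean")
```

pip enforces the same rule at install time with `pip install --require-hashes -r requirements.txt`; the script is for catching drift during review before an install ever runs.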
