If you find a way to bypass the policy gate, tamper with the audit chain
undetected, or forge a receipt, that is a vulnerability in this project —
please report it privately via GitHub's Report a vulnerability (Security →
Advisories) on this repository rather than opening a public issue. Include a
reproduction (ideally as a redteam.py case). You should receive a response
within a week.
Known, documented weaknesses are not vulnerabilities — see Honest limitations in the README before reporting:
- Regex command matching is a tripwire, not a sandbox; the red-team suite
ships known evasions on purpose (
scripts/redteam.py). - The audit chain is tamper-evident, not tamper-proof.
- Receipts use symmetric HMAC; whoever can verify can sign.
- Role scoping trusts the
agent_typefield; it is not cryptographic identity.
A report that converts a documented evasion into a silent bypass of a rule that claims to cover it is in scope.
Only the latest release receives fixes.