This repository is currently pre-release. Security fixes apply to the active main branch and any explicitly tagged release once releases begin.
Do not file public issues with secrets, exploit details, tokens, private channel ids, or private harness state. Report privately to the repository owner/operator with:
- affected commit or release,
- reproduction steps,
- whether secrets, prompts, channel messages, or local command execution are involved,
- relevant sanitized receipts or trace ids.
- Long-lived secrets should move to the repo-local encrypted vault implemented by
agent-harness vault-put/agent-harness vault-get. vault-getreports presence and byte length only; it does not print decrypted secret values.- Plugin and MCP real invocation must stay behind explicit allow-lists, timeouts, per-agent/channel permissions, and receipts.
- Shell execution must be restricted to canonical allowed roots and should add hash pinning/env scrubbing before broader live use.
- Public exports must pass
agent-harness public-hygieneand must not include.agent-harness,.review,.debug, or secret paths.
Before a public release, run:
cargo fmt --allcargo test --workspace- dependency advisory audit when the advisory DB/tool is available
agent-harness schema-registryagent-harness invariantsagent-harness public-hygiene --root <public-export-root>