Clarity Gate is a verification methodology, not a security tool. However, we take security seriously.
If you discover a security issue:
- Do NOT open a public issue
- Email: [email protected]
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Acknowledgment: 48 hours
- Initial assessment: 7 days
- Resolution target: 30 days
Clarity Gate verifies FORM, not TRUTH. It cannot:
- Detect malicious content
- Verify factual accuracy
- Replace security scanning tools
- Prevent prompt injection
If you're implementing a validator:
- Use validators from trusted sources (official releases)
- Verify validator version matches specification version
- See RFC-004 for parser hardening requirements
- Implement resource limits (see FORMAT_SPEC §Security)
| Version | Supported |
|---|---|
| 2.1.x | ✅ Yes |
| 2.0.x | ✅ Yes |
| < 2.0 | ❌ No |