If you discover a security vulnerability in Agora Governance, please report it responsibly:
- Do not open a public GitHub issue
- Email: [security@example.com] (replace with actual security contact)
- Include: description, steps to reproduce, potential impact

Agora Governance follows these security principles:
- Default-deny: High-risk operations are blocked by default
- Defense in depth: Multiple layers (classification, trust, human-in-the-loop (HITL) review)
- Fail-safe: If the governance layer is unreachable, actions are denied
- Audit trail: All governance decisions are logged
- No secrets in code: API keys and credentials must be provided via environment variables

Security vulnerabilities in:
- Policy bypass mechanisms
- Trust escalation flaws
- HITL escalation race conditions
- Audit log tampering

Out of scope:
- Vulnerabilities in downstream dependencies
- Social engineering attacks
- Issues in example code that don't affect the core library