Security: shizhigu/agent-auth

SECURITY.md

Security policy

This is the security policy for Vouch — the identity infrastructure for AI agents, distributed today as the open-source agent-auth package on GitHub.

Reporting a vulnerability

Do not file public issues for security reports.

Open a GitHub draft security advisory on the repo (Security tab → Advisories → New draft) — that keeps disclosure private until we coordinate. As an alternative, you can email the maintainer team via the address listed in package.json. Include:

  • A short description of the issue.
  • Steps to reproduce, with a minimal code sample if possible.
  • The version (git rev-parse HEAD output) you tested against.
  • Whether you believe the issue is exploitable in production deployments vs. only in a contrived test environment.

We aim to acknowledge reports within 2 business days. Vouch is small (one full-time maintainer at the moment), so urgent triage may take a few extra hours outside business windows — please escalate via the advisory thread if the severity warrants it.

Disclosure timeline

| Stage | Target |
| --- | --- |
| Acknowledge report | within 2 business days |
| Triage + assign severity | within 5 business days |
| Mitigation in main + tagged release | within 30 days for high-severity |
| Public disclosure | 90 days after report, or earlier if coordinated with the reporter |

We follow a 90-day disclosure window, in line with common coordinated-disclosure practice. If a fix ships before the window closes, we disclose together with the release and credit the reporter in the release notes (with their consent).

Scope

In-scope:

  • Anything in src/ that affects authentication correctness, key confidentiality, audit integrity, or tenant isolation.
  • The Postgres schema migrations under schema/migrations/.
  • The build / release pipeline under .github/workflows/.

Out-of-scope:

  • Issues that require root on the SaaS host running the lib (RT-7 per SPEC §6.2.7 — outside lib boundary).
  • Issues that require the SaaS to misconfigure the lib in ways that contradict docs/PRE_RELEASE_CHECKLIST.md.
  • Vulnerabilities in third-party services the lib integrates with (GitHub OAuth, AWS KMS, AWS S3) — please report those to the responsible vendors.

Threat model

The threat model is documented in SPEC.md Part VI. Each of the 44 RT-* threats is mapped to a mitigation, and the test suite exercises 32 of them automatically (see docs/PRE_RELEASE_CHECKLIST.md). The remaining 11 are SaaS-side or operational controls outside the test harness; 1 is reserved upstream.

Supported versions

The lib follows semantic versioning. Security fixes are backported to the most recent minor in the latest major stream. Older majors stop receiving fixes 12 months after the next major ships.

| Version | Status |
| --- | --- |
| 0.1.x | active development |
| 0.2+ (future) | supported |
| pre-0.1 | unsupported (dropped) |
