If you discover a security vulnerability in Carapace Protocol, please report it responsibly:
- GitHub Security Advisory — Open a security advisory on this repository (preferred).
- Email — Send details to security@relayforge.tools.
Please do not open a public issue for security vulnerabilities.
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgement — within 48 hours
- Initial assessment — within 5 business days
- Fix or mitigation — as soon as reasonably possible, coordinated with the reporter
This policy covers:
- The Carapace Protocol specification
- The
carapace-sdkPython and TypeScript packages - The ARIA registry API
| Version | Supported |
|---|---|
| Latest | Yes |