Skip to content

Security: kadubon/oasg

Security

SECURITY.md

Security Policy

OASG is local-first and network-free by default. The trusted core should not call model providers, external APIs, or shell commands unless the user explicitly invokes an adapter or runner that does so. Workflow optimization is limited to workflow-policy state; OASG does not train model weights.

Supported Version

Security review currently targets the reference package version in pyproject.toml.

Reporting

When the repository is published, report vulnerabilities through the GitHub security advisory channel. Until then, report issues directly to the maintainer.

Please include:

  • the command or API entrypoint used;
  • the input ledger, policy, or receipt shape needed to reproduce the issue;
  • whether the issue can create false positive promotion, unsafe external effects, secret exposure, or ledger integrity failure.

Security Model

Security-sensitive invariants:

  • Missing, stale, rejected, conflicted, overflowed, or untrusted evidence must not create positive credit.
  • Unknown taint is treated conservatively.
  • External effects are rejected by default unless explicitly enabled by policy and backed by receipts.
  • demo-replay and synthetic evidence are not eligible for production active_promoted.
  • Automatic promotion requires runner-produced trial ledgers, positive evidence witnesses, shadow and lease receipts, rollback availability, and a valid workflow-policy patch.
  • Adapters are observation channels only. They cannot act as evaluators or gates.

Runner Safety

The local-command runner is explicit and shell-free:

  • command arguments are passed as argv lists, not shell strings;
  • common shell executables are rejected;
  • stdout/stderr are hashed in receipts;
  • a zero exit code without a valid sealed OASG trial ledger is rejected;
  • network, financial, communication, secret-touching, and irreversible effects are not enabled by default.

Publication Checklist

Before publishing a release:

uv run pytest
uv run ruff check
uv run mypy src
uv run oasg conformance run examples/conformance

Also inspect generated artifacts before committing them. Experiment runs/, caches, .env files, and local optimizer state are intentionally ignored.

There aren't any published security advisories