SECURITY

Responsible disclosure.

If you find a security issue, please report it privately so we can respond quickly and transparently.

How to report

Email the security team with steps to reproduce, affected versions, and any proof of concept.

info@runledger.io

Scope

In scope

  • RunLedger CLI execution and artifact handling
  • Tool replay and cassette parsing
  • Report generation and HTML output

Out of scope

  • Third-party tools invoked by agents
  • Agent code and model prompts
  • Infrastructure outside the CLI runtime

Disclosure policy

We aim to acknowledge reports within 48 hours and provide remediation timelines as soon as possible.

01 Confirm the report and reproduce the issue.
02 Patch and release a fix.
03 Publish a summary and CVE if needed.