Only the main branch receives security fixes. No patch releases are issued for historical tags.
| Version | Supported |
|---|---|
| main | Yes |
| Tagged releases | No |
Preferred channel - GitHub Security Advisories
Open a private advisory at: https://github.com/augustineuzokwe/rtia/security/advisories/new
GitHub keeps the report confidential until disclosure is coordinated. Do not open a public issue or pull request for security vulnerabilities.
Fallback contact
If GitHub Security Advisories are unavailable, email augustine.uzokwe@gmail.com with the subject line [RTIA SECURITY] <short description>.
| Milestone | Target |
|---|---|
| Acknowledgment | Within 72 hours of report |
| Triage / severity assignment | Within 7 days |
| Fix or mitigation | Best effort; coordinated with reporter |
We will keep the reporter informed at each milestone and coordinate public disclosure timing with them.
The following are in scope:
| Area | Reference |
|---|---|
| Agent prompt-injection (user-controlled text influencing agent behaviour) | suspicious_input flag on Analyst output |
| LLM output rendered without sanitization (XSS, markup injection) | Output sanitizer in agents/_sanitize.py; see docs/adr-0009-llm-fallback.md |
| Runtime secret leakage via agent inputs | Pre-LLM secret-regex blocker in agents/_secret_scan.py |
| PII exfiltration through LangSmith tracing in production | Production-tracing guard in agents/observability.py; see docs/adr-0008-pii-langsmith.md |
| Silent LLM-error fallbacks masking failures | Structured LLMPipelineError + stub artifact path; see docs/adr-0009-llm-fallback.md |
| Pipeline graph correctness (wrong agent order producing incorrect artifacts) | Core pipeline |
| Eval suite ground-truth poisoning (malicious samples biasing benchmarks) | evals/ directory |
The following are out of scope for this repository:
- Vulnerabilities in the Gemini model itself - report to Google
- Vulnerabilities in LangChain / LangGraph upstream - report to their security page
- Customer-deployment hygiene (self-hosted infrastructure, key management)
- Denial-of-service via LLM cost amplification (rate-limiting is not currently implemented)
- Social engineering of maintainers
- docs/adr-0008-pii-langsmith.md - ADR refusing LangSmith tracing in production to prevent PII leakage
- docs/adr-0009-llm-fallback.md - ADR requiring structured failure instead of silent degradation
- GUARDRAILS.md - Behavioural policies enforced by agents, each mapped to its agent / prompt / test