iagent-stack · Security Policy

Security Policy

We take security seriously. The SDK handles developer credentials, API keys, and on-chain signing operations. Vulnerabilities matter.

How to report

Email security@ijarvis.ai with details. PGP encryption available on request. Please include:

• Affected component (this site, the SDK, a specific product module, a specific version)
• Reproduction steps or proof of concept
• Your assessment of severity and impact
• Whether you are willing to coordinate disclosure timing

Our response

• Acknowledgment within 72 hours of receipt
• Initial assessment within 7 days of receipt
• Coordinated disclosure preferred; fix + advisory published together
• Credit in the advisory if you want it (see Acknowledgments below)

Scope

In scope: iagentstack.com; the iagent-stack Python package; the SDK source repository at github.com/iJarvis/iagent-stack.

Out of scope: individual product surfaces (iagentfi.com, iagentref.com, iagentlog.com, and so on) each publish their own security.txt with product-specific contacts; direct those reports to the product-specific address.

Safe harbor

We will not pursue legal action against researchers who act in good faith, stay within scope, avoid data destruction, avoid privacy violations of third parties, and coordinate disclosure with us before public release.

Acknowledgments

No disclosed vulnerabilities yet. When the first coordinated disclosure closes, we will list the researcher here with their permission.

Contact

Security: security@ijarvis.ai. RFC 9116 security.txt.