AgentFence is a security tool. We take vulnerabilities in it seriously and appreciate coordinated disclosure.
AgentFence is pre-1.0 and under active development. Security fixes are applied to the latest released minor version; older versions are not maintained.

| Version | Supported |
|---|---|
| 0.4.x | ✅ |
| < 0.4 | ❌ |

Please do not open a public issue for security vulnerabilities.
Report privately using GitHub's private vulnerability reporting — the "Report a vulnerability" button under the repository's Security tab. This opens an advisory visible only to the maintainers.
Where possible, include:
- a description of the issue and its impact,
- steps to reproduce or a proof of concept,
- affected version(s) and configuration,
- any suggested remediation.

After a report is received, you can expect:

- Acknowledgement within 3 business days.
- An initial assessment and severity triage within 10 business days.
- Coordinated disclosure: we will agree a disclosure timeline with you and credit reporters who wish to be named.

AgentFence enforces policy before a tool call executes; it is not a
sandbox and does not contain a call already forwarded to a tool server (see
docs/threat-model.md). Behavior explicitly documented
as out of scope in the threat model may be closed as informative — but if in
doubt, report it and let us decide.