Security: galaar-org/AgentARC

Security Policy

Supported Versions

Version Supported
0.2.x
0.1.x
< 0.1

Reporting a Security Issue

The AgentARC team takes security issues seriously. We appreciate your efforts to responsibly disclose your findings.

How to Report

Please do NOT report security issues through public GitHub issues.

Instead, please report security issues by emailing:

me@dipeshsukhani.dev

Include the following information in your report:

  1. Description: A clear description of the issue
  2. Steps to Reproduce: Detailed steps to reproduce the issue
  3. Impact: What is the potential impact of this issue?
  4. Affected Versions: Which versions are affected?
  5. Suggested Fix: If you have a suggestion for how to fix the issue

What to Expect

  • Acknowledgment: We will acknowledge receipt of your report within 48 hours
  • Initial Assessment: We will provide an initial assessment within 7 days
  • Updates: We will keep you informed of our progress
  • Resolution: We aim to resolve issues within 90 days
  • Credit: We will credit you in our release notes (unless you prefer anonymity)

Disclosure Policy

  • We follow a coordinated disclosure process
  • We request that you do not publicly disclose the issue until we have had a chance to address it
  • We will work with you to determine an appropriate disclosure timeline

Security Best Practices for Users

When using AgentARC:

  1. Keep Updated: Always use the latest version
  2. Secure Your Keys: Never commit private keys or API keys to version control
  3. Review Policies: Regularly review and update your policy.yaml configuration
  4. Monitor Events: Use the event streaming feature to monitor transaction validation
  5. Test First: Always test on testnets before mainnet deployment

Scope

This security policy applies to:

  • The AgentARC Python package (agentarc)
  • Official examples in the examples/ directory
  • Documentation in the docs/ directory

Third-party integrations and forks are not covered by this policy.

Recognition

We thank the following individuals for responsibly disclosing security issues:

  • No reports yet - be the first!
