| title | AWO Security Policy | ||||||
|---|---|---|---|---|---|---|---|
| filetype | documentation | ||||||
| type | non-normative | ||||||
| version | 2.0.0 | ||||||
| doi | 10.5281/zenodo.18201829 | ||||||
| status | Active | ||||||
| created | 2026-01-07 | ||||||
| updated | 2026-01-09 | ||||||
| author |
|
||||||
| maintainer |
|
||||||
| license | Apache-2.0 | ||||||
| copyright |
|
||||||
| ai_assisted | partial | ||||||
| ai_assistance_details | AI-assisted drafting under human oversight; security scope restricted to disclosure procedures only. | ||||||
| dependencies | |||||||
| anchors |
|
This repository defines methodology and documentation, not executable software.
However, the integrity and authenticity of the files are mission-critical for the AWO v2.0.0 governance surface.
This document describes the security expectations and reporting process for this repository.
This policy covers:
- Integrity of methodological documents
- Unauthorized modification to normative content
- Tampering with schemas or contract definitions
- Breaks in provenance or metadata accuracy
- Incorrect attribution or missing provenance fields
This policy does not cover:
- Runtime exploits (no executable code present)
- CI/CD vulnerabilities (no pipelines included)
- Server or hosting security (GitHub handles infra)
- Enforcement-layer security (belongs to CRI-CORE)
If you believe you’ve identified:
- unauthorized file changes
- broken provenance
- suspicious commit activity
- discrepancies in metadata
- compromised artifacts or schemas
please report immediately to:
You should include:
- The file or artifact affected
- The commit hash where the issue appears
- A brief description of the discrepancy
- Any evidence of tampering or mismatch
- Whether the violation breaks SCOPE, INVARIANTS, or ROLES
Waveframe Labs will:
- acknowledge the report within 72 hours
- review the reported discrepancy
- assess whether methodological validity is compromised
- document findings in an ADR (if required)
- restore valid files or revert corrupted changes
- notify affected collaborators
If an issue impacts multiple files or schemas:
- A “method integrity audit” will be triggered
- A full provenance trace will be reconstructed
- Any compromised artifacts will be superseded (never silently corrected)
Because AWO is built on traceability and reproducibility, security is defined as:
the preservation of artifact identity, provenance, and role legitimacy.
A break in provenance is treated as a security incident.
A break in metadata is treated as a methodological violation.
Unauthorized edits or silent rewrites invalidate affected artifacts and require immediate remediation.
This repository is provided:
“as is,” without warranty of any kind.
It defines methodology, not execution.
Security responsibility for any downstream tooling or implementation rests with those systems, not AWO.
© 2026 Waveframe Labs — AWO v2.0.0 Security Policy