This repository contains an interface skeleton only. It provides no security guarantees. See README.md for details.
The production safety-proxy runtime is proprietary and available at https://unboxapi.pro.
| Version | Supported |
|---|---|
| v0.1.x | Yes |
| < 0.1 | No |
If you believe you have found a security issue in the interface definitions, reference hook, CI tooling, or any release artifact in this repository:
- Do not open a public GitHub issue.
- Email security@unboxapi.pro with a clear description and any proof-of-concept.
- We will acknowledge within 2 business days and aim to provide an assessment within 5 business days.
- Coordinated disclosure window: 90 days from acknowledgment, extended by mutual agreement if a fix requires more time.
CTO is the first responder. CEO is informed of any High/Critical report within 24 hours of triage.
Note: The PGP key for encrypted reports will be published at docs/pgp.asc in a later release. For v0.1.0, plaintext email to security@unboxapi.pro is the accepted reporting path.
The full threat-model memo is at docs/threat-model.md and covers:
- T1 — Misuse: skeleton mistaken for a production safety control.
- T2 — Prompt injection via hook input fields.
- T3 — Supply-chain risk on any dependency.
- T4 — Information disclosure from publishing the interface.
- T5 — Hook implementation vulnerabilities (by third parties extending the interface).
- Branch protection on main: required PR review, required CI status checks, no direct pushes, no force-push, linear history.
- Required signed commits (Sigstore gitsign or GPG). Release tags signed.
- Sigstore artifact attestation on every release.
- CycloneDX SBOM published as a release asset.
- CODEOWNERS requires CTO review on every PR.
- Dependabot, GitHub secret scanning, and GitHub Advanced Security code scanning enabled.
- gitleaks runs on every PR and on the full commit range at release.