Only the current major version (v1.x) is supported for security updates.

If you discover a security boundary gap or a way to bypass the runtime gates, please do not open a public issue. Instead, follow the internal disclosure process or use the security_boundary_gap.md issue template for restricted reports.

• RULE-STRICT-UNKNOWN: Any unknown state is treated as prohibited.
• RULE-NORMALIZED-PERMISSION: Permissions must be explicit and scoped.
• RULE-UNREGISTERED-ASSET-INACTIVE: Unregistered skills or artifacts are ignored by the runtime.

This runtime is designed to prevent:

1. Destructive shell actions.
2. Unauthorized tool usage.
3. Credential exfiltration.
4. External data collection without explicit validation.
5. Unattended autonomous loops.