# Security Policy
OpenLatch is security infrastructure — we hold our own code to the same standard we enforce for AI agents.
## Supported Versions
| Version | Supported |
|---------|-----------|
| Latest release | :white_check_mark: |
| Previous minor | :white_check_mark: (backport on request) |
| Older | :x: |

We recommend always running the latest version.
## Reporting a Vulnerability
**Do not open a public issue for security vulnerabilities.**

Use one of these private channels:

| Channel | Contact |
|---------|---------|
| GitHub Private Reporting | [Report a vulnerability](https://github.com/OpenLatch/openlatch-client/security/advisories/new) (preferred) |
| Email | **security@openlatch.ai** |
### What to Include
- Description of the vulnerability and its impact
- Steps to reproduce (minimal reproducible example preferred)
- Affected version(s)
- Severity assessment (if known)
### Our Commitment
| Stage | Timeline |
|-------|----------|
| Acknowledge receipt | Within **2 business days** |
| Triage and initial assessment | Within **5 business days** |
| Fix shipped | Best effort, dependent on severity |
| Public disclosure | After fix is released, coordinated with reporter |
## Acknowledgments
We credit researchers who report vulnerabilities responsibly in our release notes (unless you prefer anonymity). Include your preference in your report.
## Supply Chain Security
- All release binaries are built via GitHub Actions with full provenance
- Dependencies are audited via `cargo audit` and Dependabot
- We pin all CI action versions to specific SHAs
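
As an added check for the SHA-pinning practice listed above (example code, not OpenLatch's own tooling), this script scans a GitHub Actions workflow for `uses:` references that are not pinned to a full commit SHA; the sample workflow, its action names and the checkout SHA are constructed placeholders.

```python
# Added example (not OpenLatch tooling): flag `uses:` entries in a GitHub
# Actions workflow that are not pinned to a full 40-hex commit SHA.
import re
from typing import List, NamedTuple

# `uses:` value up to whitespace, quote or comment, e.g. owner/repo@ref
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?(?P<action>[^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


class Finding(NamedTuple):
    line: int     # 1-based line in the workflow file
    action: str   # full `uses:` value
    reason: str   # why the pin is insufficient


def find_unpinned_actions(workflow_text: str) -> List[Finding]:
    """Skip local actions (./path); require docker images pinned by digest
    and everything else pinned to a full commit SHA (tags/branches are mutable)."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m or m.group("action").startswith("./"):
            continue
        action = m.group("action")
        ref = action.rsplit("@", 1)[1] if "@" in action else ""
        if action.startswith("docker://"):
            if "@sha256:" not in action:
                findings.append(Finding(lineno, action, "image not pinned by digest"))
        elif not ref:
            findings.append(Finding(lineno, action, "no ref (uses default branch)"))
        elif not FULL_SHA_RE.match(ref):
            findings.append(Finding(lineno, action, f"mutable ref {ref!r}, not a commit SHA"))
    return findings


# Constructed sample: the checkout SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: actions/setup-node@v4
      - uses: some-org/some-action@main
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    for f in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {f.line}: {f.action}: {f.reason}")
```

Run it against `.github/workflows/*.yml` in CI and fail the job on any finding, so a tag-pinned action cannot land unnoticed.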

Thank you for helping make AI agents safer.