Security
APAI.run security baseline. The honest version: some controls are shipped, some are stubbed, and most of the deep scanning work lands in later phases. We do not claim certifications, customer wins, or audit results that have not happened.
Controls and posture
HTTPS everywhere
TLS 1.3 via Cloudflare Pages. All apai.run traffic is encrypted in transit.
Install Card Verification (heuristic-stub-v0)
Per-package install cards include a SHA-256 Checksum line. When an agent applies a card, it echoes the checksum back. POST /api/install/verify to validate. This catches LLM fabrications about which card was loaded and MITM card-swapping. It does not enforce runtime behavior - an agent that loaded the right card and then violated its rules will still echo the correct checksum.
Content Security Policy
Strict CSP headers locking script sources to apai.run and verified CDNs. Lands in Day 2 hardening pass.
Rate limits
Cloudflare Rate Limiting Rules on /api/* endpoints. Set when API stubs land.
Scanner: hidden Unicode
lib/scanner.ts detects format-control characters that could disguise instructions.
Scanner: suspicious patterns
lib/scanner.ts pattern-matches a small list of known-bad strings (ignore previous instructions, rm -rf, etc).
Real prompt-injection scanning
Multi-classifier scan with model-side detection. Not yet built.
OAuth scope review
Static analysis of MCP server permission scopes. Not yet built.
Dependency scanning
SCA on declared dependencies in apai.manifest entries. Not yet built.
Publisher signing
Verified publishers can sign packages. Signature validation in CLI and on registry pages.
Audit log export
Hash-chained install receipts exportable for compliance review.
Reporting a security issue
APAI.run is early. A formal coordinated-disclosure address will be published here when the program is open. Until then, please open a private GitHub Security Advisory against github.com/griffin9899/apai (Security tab when the repo is public).
Do not file public issues for vulnerabilities. Do not attempt to reach the project via social channels for security disclosure.
What APAI does NOT claim
- ·SOC 2, ISO 27001, FedRAMP, or any compliance certification. These are not yet pursued.
- ·That installing an APAI package is safe. The Capability Passport tells you what the package CLAIMS; v0.1 scanner is a stub.
- ·Enterprise customers, deployments, or pilots. Those have not happened yet.