Responsible disclosure
AgentReady reports have one owner-confirmed public contact.
JEASON confirmed contact@certif-scope.com as the public legal, privacy and reporting contact for TimeProofs AgentReady. Do not include secrets, credentials, private contracts or unnecessary personal data in a report.
Reporting contact
Use contact@certif-scope.com for legal, privacy and responsible-disclosure reports. No response time, bounty, SLA, guaranteed fix or certification is promised.
In scope
What reports should cover.
- Browser scanner pages and local file handling.
- AgentReady CLI and GitHub Action behavior.
- agentready.json v0.1 outputs, documentation and examples.
- Static-analysis behavior that could mislead users about risk.
Reporting boundary
The contact channel is public, but this page does not create a vulnerability bounty program, incident-response SLA, guaranteed correction commitment or security certification.
Disclosure non-goals
- This page does not invite testing of systems you do not own or have permission to assess.
- It does not promise a response time, bounty, SLA, commercial support or guaranteed fix.
- It does not turn AgentReady into a runtime security product or certification service.
Mandatory limitation
TimeProofs AgentReady does not guarantee that an AI agent will never fail. It identifies structural risks that may cause AI agents to misuse APIs, tools or MCP servers.
AgentReady at a glance
Responsible disclosure uses the owner-confirmed contact contact@certif-scope.com without promising a bounty, SLA, guaranteed fix or certification. AgentReady is a product and candidate open standard for static pre-deployment analysis. It is not a runtime firewall, independent certification, official standards-body standard or guaranteed-safety system.
- Availability
- AgentReady Community is free and available. AgentReady Pro is planned and not purchasable.
- Language
- English is the current canonical language. No translated alternate route is published for this page.
