Security
How to report an issue, what this system assumes about attackers, and an open invitation.
Report an issue
If you find a security issue anywhere on this site or in the product's public surfaces, report it to security@lawsofrobots.net.
You will be read by the operator — the person who can actually fix it. This is a single-operator project: expect an acknowledgment within a few days, an honest severity assessment, and a fix or a published advisory when one is warranted. There is no SLA theater on offer; what is on offer is that your report lands directly with the one person who owns every layer.
In scope: this site and its published files (including security.txt and the advisories feed), and the product's public surfaces. This site collects no personal data, so there is none here to leak — see Privacy.
Designed for adversaries
The system this site describes assumes adversaries — including privileged ones. Every decision is written to a tamper-evident, append-only record. Verification of that record works offline, so cutting the network does not blind an audit.
There is no remote kill switch and no in-the-moment override path: a refusal cannot be talked out of the machine mid-decision — by anyone. Certification is separated by construction: the operator holds no key that could self-clear the system, and an attempt to self-clear is itself detectable.
Key custody is described only at the level already public in the certifier's record. This page states the threat model, never the defenses.
Try to break it
We invite you to try to break it. The record is designed to survive you — and if it doesn't, we want to know first.
Advisories
Confirmed and resolved issues are published as advisories — what was affected, what was fixed, what a reader should do.
The advisories page is honestly empty today and says so; its Atom feed is valid with zero entries.