Author: projectfong
Copyright (c) 2025 Fong
All Rights Reserved
This document outlines general security considerations and internal design expectations for the validns project.
It describes how the system records, isolates, and verifies operational activity for research, reproducibility, and personal auditing purposes.
This repository is made available for personal and research use only. It is not distributed, supported, or maintained for production deployment.
- Provide visibility into how the software approaches data validation and evidence integrity.
- Outline default hardening assumptions for local or research environments.
- Help security researchers understand how network probes and audit logging are structured.
This information applies only to the contents of this repository.
The validns project is not a service, product, or managed software offering.
Users who choose to deploy or modify the system assume full responsibility for configuration, network safety, and compliance.
The design of validns prioritizes auditability, isolation, and transparency rather than production resilience.
Key structural controls include:
- Each action produces a timestamped, signed event in the local ledger.
- Evidence data is stored under `/evidence/{trace_id}/` for reproducibility.
- Logs and evidence files are intended for independent validation or analysis only.
- Containers and scripts are intended to run in isolated, non-privileged environments.
- ICMP and traceroute operations may require temporary elevated capabilities (`CAP_NET_RAW`) for test collection.
- No assumptions are made about operating system security or external network trust.
- Dependencies use permissive, open-source licenses (MIT, Apache 2.0, BSD).
- Users should review and verify all dependency integrity independently.
- The project provides `/docs/THIRD_PARTY_LICENSES.md` to list original licenses.
This repository is published for study and transparency only.
It does not include a formal vulnerability disclosure program, and no response channel or contact is maintained.
If vulnerabilities are discovered, users are free to document findings independently or maintain private forks for testing.
Users and researchers should:
- Refrain from using the software for unauthorized or production network scanning.
- Avoid exposing sensitive or controlled networks to automated probe functions.
- Ensure compliance with local laws, organizational policies, and network rules of engagement.
This repository is provided as-is for personal and research purposes.
No warranties, security guarantees, or operational assurances are offered.
Running this software implies acceptance of all associated risks, including data loss, misconfiguration, or network interference.
| Version | Date | Summary | Author |
|---|---|---|---|
| 1.0.0 | 2025-10-06 | Initial publication, research scope. | projectfong |