If you believe you've found a security vulnerability in the SemiLayer runner, the gateway protocol, or anything in the dispatch path:

• Email: root@semilayer.dev
• Do not open a public GitHub issue.

We aim to acknowledge reports within 2 business days and to have a fix or mitigation landed within 30 days for high-severity issues. We'll credit you in the advisory unless you prefer to stay anonymous.

In scope for this repository:

• The ghcr.io/semilayer/runner container image and the @semilayer/runner-cli npm package.
• The authentication handshake against the runner gateway (rk_ token issuance, rotation, revocation).
• Credential handling in both managed and runner-local modes.
• WebSocket framing, message parsing, and any code that touches untrusted bytes from the gateway.

Out of scope here (please report to the main SemiLayer security channel instead):

• SemiLayer platform bugs unrelated to the runner (Console, Service API, billing).
• Findings on third-party databases the runner connects to — report those to their upstream vendors.

• The runner only opens outbound connections. It never binds a listening port except the optional local /health shim, which should not be exposed outside your own orchestrator.
• The image runs as non-root (USER node).
• The runner validates the gateway TLS certificate before sending the auth token.
• rk_ tokens are hashed (SHA-256) on the platform side — the plaintext is not recoverable from SemiLayer.
• Revoked tokens take effect at the next heartbeat (~25s).