Security Policy

Last updated: May 4, 2026

TensorFeed.ai welcomes responsible disclosure of security issues. This page describes how to report a vulnerability, what is in scope, and what you can expect from us in return. The machine-readable companion to this page lives at /.well-known/security.txt and follows RFC 9116.

How to Report

Send a clear, reproducible report to [email protected] with a subject line beginning with [security]. Please include:

  • A short description of the issue and its impact
  • Step-by-step reproduction (URL, request payload, expected vs actual response)
  • The date you discovered it
  • Whether the issue is already public anywhere
  • How you would like to be credited, if at all

Please do not file a public GitHub issue for unpatched vulnerabilities. Use email so we can coordinate a fix and disclosure timeline together.

Scope

In scope:

  • tensorfeed.ai and any subdomain we operate
  • The Cloudflare Worker that serves /api/*
  • The @tensorfeed/mcp-server npm package
  • The tensorfeed Python and JavaScript SDKs
  • The agent payments rail (USDC on Base) where it touches our wallet, signed receipts, or stored credit balances
  • The Agent Fair-Trade Agreement implementation

Out of scope:

  • Denial of service against the live API (we already cap aggressive traffic; volumetric tests will just trip the rate limiter)
  • Findings on third-party services (Cloudflare, Resend, npm, PyPI, Base RPC providers, Hugging Face, Semantic Scholar, arXiv) that we depend on but do not operate
  • Reports from automated scanners with no proof-of-impact attached
  • Missing security headers on assets that are not user input boundaries (see CSP via public/_headers)
  • Self-XSS that requires the user to paste content into their own browser console

What to Expect

  • Acknowledgment within 72 hours of receiving your report.
  • Triage and severity assessment within 7 days, with a fix plan if the report is in scope.
  • Coordinated disclosure once a fix is deployed. Default disclosure window is 90 days from initial report; we will ask for an extension only if a fix is genuinely complex.
  • Credit in the acknowledgments section below if you would like it. We do not currently run a paid bug bounty program, but we will publicly thank you.

Safe Harbor

We will not pursue legal action against researchers who follow this policy in good faith. Specifically: do not access data that is not yours, do not modify or delete data, do not degrade service for other users, and do not retain credentials, personal data, or proprietary information. If you discover any such material inadvertently, stop testing immediately and contact us. We treat reports as confidential until a coordinated disclosure timeline is agreed.

Defenses Currently in Place

Useful context for researchers when scoping reports:

  • Prompt-injection sanitization on every agent-facing endpoint and on every MCP server tool response. See docs.
  • Per-IP rate limit (120 req/min) on free public endpoints; per-token circuit breaker (20 identical or 100 varied req/min/token) on premium.
  • Static-site security headers (CSP, HSTS preload, frame-ancestors, COEP, CORP) via public/_headers.
  • OFAC sanctions screening on every payment confirmation via the Chainalysis public API; a misconfiguration fails closed.
  • Ed25519-signed receipts on every premium response, public key at /.well-known/tensorfeed-receipt-key.json.
  • Replay protection on every USDC transaction hash (no reuse, ever).
  • Public on-chain payment rail. Every credit purchase is independently verifiable on the Base block explorer.
  • No-charge guarantees for 5xx responses, circuit-breaker trips, schema validation failures, and stale data. The public no-charge ledger records every event.

Acknowledgments

We will list researchers who report valid issues here, with their permission. No entries yet. Be the first by following the reporting process above.
