a platform that runs code owes you this

Security and disclosure.

certiv exists to be attacked on the record. Adversarial testing is welcome; the best red-team findings become fixes we credit.

Report a vulnerability

Email security@certiv.org. Also machine-readable at /.well-known/security.txt.

Safe harbor: good-faith research that respects the rules below will not be pursued legally. Test against your own registry, not production; do not access other users’ data; do not run destructive or denial-of-service tests against live infrastructure; give us a reasonable window before public disclosure.

Running untrusted code is the core risk

A receipt’s claims are commands. The single-file kernel runs them with --execute and no isolation: never point it at an untrusted receipt on your host. Use a disposable VM, or let a certiv verification node run it.

Verification nodes execute every claim under this contract:

  • no network egress (container --network=none inside an egress-blocked VM)
  • read-only inputs, a size-limited writable tmpfs, non-root user
  • CPU, memory, and wall-clock budgets from the receipt; deterministic clock and locale
  • the container is destroyed after every claim; no secrets are mounted
  • the attestation label in each verdict states exactly what isolation actually ran (infra-isolated, container-isolated, or process-isolated) and never overstates it

The full node sandbox profile lives in the repository under docs/03_ARCHITECTURE and 10_PLATFORM.