From d189a561d145e97b5e35b9939fde045c1a8522b8 Mon Sep 17 00:00:00 2001 From: anthonyadame Date: Thu, 14 May 2026 16:19:35 -0400 Subject: [PATCH] docs(security): cross-link ADR-0042 sandbox policy from SECURITY.md Single-line addition to the "What IS in scope" section pointing disclosure reporters at the org-canonical sandbox / host-execution policy: https://github.com/Kaizen-3C/kaizen-staging/blob/main/.architecture/decisions/ADR-0042-sandbox-bypass-policy.md The kaizen-cli ships the Python pipeline that exercises the sandbox in production; host-execution semantics are the most code-execution- relevant policy area, so the in-scope section is the natural home for the cross-link. Part 2/4 of roadmap item 60.11 (SECURITY.md cross-link to ADR-0042 across kaizen-staging / kaizen-cli / benchmarks / kaizen-3c-web). Signed-off-by: anthonyadame --- SECURITY.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index e0929e3..cf8b0d1 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -74,7 +74,10 @@ this repository: ## What IS in scope - Code-execution vulnerabilities in CLI commands or the optional web/MCP - server components. + server components. Sandbox / host-execution policy is governed by + [ADR-0042: Sandbox Bypass Policy](https://github.com/Kaizen-3C/kaizen-staging/blob/main/.architecture/decisions/ADR-0042-sandbox-bypass-policy.md) + in the staging repository — cite ADR-0042 in any disclosure that + touches host-execution semantics. - Credential or API-key leakage in commands, CI configs, or committed artifacts. - Prompt-injection or tool-call-hijacking vulnerabilities in the
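Review bot: the new link in the "What IS in scope" bullet points at `blob/main/` in a different repository, so the policy a reporter is told to cite can change or move without any change to this SECURITY.md; for a reference that disclosure reports are expected to quote, pin it to a tag or commit of kaizen-staging (or note that `main` is authoritative and that the ADR id is the stable handle) so that a report citing ADR-0042 and the text in this file stay consistent. The hunk also asks reporters to "cite ADR-0042 in any disclosure that touches host-execution semantics" without saying where the policy boundary lies; a clause stating whether sandbox bypasses are in scope, or that ADR-0042 decides that question, would save the reporter a round trip to the other repo, and it would be worth confirming the staging repository is readable by external reporters before merging.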