Add variable inheritance and extended variable types

- vars.schema.json: Add refs array for inheritance chains, source/lines
  for origin tracking, layer/pattern/context types
- CLI: Restore chain traversal logic, populate refs from call graph
- Generate layer variables from file entries
- Update CHANGELOG with new features

Author: ddunnock

CHANGELOG.md

@@ -8,6 +8,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 
 ### Added
+- **Variable Inheritance**: `refs` field for variable-to-variable references with chain traversal
+- **Extended Variable Types**: Added `layer`, `pattern`, `context` types to vars schema
+- **Variable Metadata**: Added `source` and `lines` fields to track variable origin in vars schema
 - **Formal Grammar**: W3C EBNF grammar for annotations with railroad diagrams (`spec/grammar/`)
 - **Specification Examples**: Minimal, complete, and edge-case examples (`spec/examples/`)
 - **CLI Implementation Guide**: Comprehensive Rust CLI development guide (`docs/rust-cli/`)

SECURITY.md

@@ -16,8 +16,18 @@ We take security seriously. If you discover a security vulnerability in ACP, ple
 
 Instead, please report them via one of these methods:
 
-1. **Email**: security@acp-protocol.dev
-2. **GitHub Security Advisories**: [Report a vulnerability](https://github.com/acp-protocol/acp-spec/security/advisories/new)
+1. **GitHub Security Advisories** (preferred): [Report a vulnerability](https://github.com/acp-protocol/acp-spec/security/advisories/new)
+2. **Email**: security@acp-protocol.dev
+
+### Encrypted Communication
+
+For highly sensitive reports, you may encrypt your message using our PGP key:
+
+- **Key ID**: `[TO BE ADDED]`
+- **Fingerprint**: `[TO BE ADDED]`
+- **Public Key**: Available at [https://acp-protocol.dev/.well-known/pgp-key.txt](https://acp-protocol.dev/.well-known/pgp-key.txt)
+
+> **Note**: PGP encryption is optional. Unencrypted reports via GitHub Security Advisories are also secure.
 
 ### What to Include
 
@@ -29,49 +39,124 @@ Please include the following information in your report:
 - Step-by-step instructions to reproduce the issue
 - Proof-of-concept or exploit code (if possible)
 - Impact of the issue, including how an attacker might exploit it
+- Suggested severity (see [Severity Classification](#severity-classification))
+
+### Severity Classification
+
+Please help us assess the severity using this guide:
+
+| Severity | Description | Example |
+|----------|-------------|---------|
+| **Critical** | Direct exploitation possible; immediate risk | Cache injection leading to code execution in implementations |
+| **High** | Significant security impact; exploitable | Path traversal exposing sensitive files outside project |
+| **Medium** | Limited security impact; conditional exploit | Information disclosure requiring specific configuration |
+| **Low** | Minimal security impact; theoretical | Attack requiring unlikely conditions or extensive access |
+| **Informational** | Security improvement; no direct vulnerability | Hardening suggestion or defense-in-depth enhancement |
+
+## Response Timeline
+
+| Stage | Timeframe |
+|-------|-----------|
+| **Acknowledgment** | Within 48 hours |
+| **Initial Assessment** | Within 7 days |
+| **Resolution Target** | Within 30 days (depending on complexity) |
 
-### Response Timeline
+### No Response?
 
-- **Acknowledgment**: Within 48 hours
-- **Initial Assessment**: Within 7 days
-- **Resolution Target**: Within 30 days (depending on complexity)
+If you haven't received acknowledgment within 72 hours:
 
-### What to Expect
+1. Check your spam/junk folder for our reply
+2. Try the alternative reporting method (email if you used GitHub, or vice versa)
+3. Reach out via hello@acp-protocol.dev with subject line "Security Report Follow-up"
+
+## What to Expect
 
 1. **Acknowledgment**: We'll confirm receipt of your report
 2. **Assessment**: We'll investigate and determine the severity
 3. **Communication**: We'll keep you informed of our progress
 4. **Resolution**: We'll develop and test a fix
 5. **Disclosure**: We'll coordinate public disclosure with you
 
-### Security Considerations for ACP
+### Coordinated Disclosure
+
+We follow a coordinated disclosure process:
+
+- We request a **90-day disclosure window** from initial report to public disclosure
+- We will credit you in the security advisory (unless you prefer anonymity)
+- We will notify you before any public disclosure
+- If we are unable to resolve the issue within 90 days, we will negotiate an extended timeline
+
+## Safe Harbor
+
+We consider security research conducted in accordance with this policy to be:
+
+- **Authorized** concerning any applicable anti-hacking laws (including CFAA)
+- **Authorized** concerning any relevant anti-circumvention laws (including DMCA)
+- **Exempt** from restrictions in our Terms of Service that would interfere with conducting security research
+- **Lawful** and we will not initiate or support legal action against you for accidental, good-faith violations
+
+We will not pursue civil or criminal legal action, or send notices to law enforcement, against researchers who:
+
+- Act in good faith to avoid privacy violations, data destruction, or service interruption
+- Only access data necessary to demonstrate the vulnerability
+- Do not exploit vulnerabilities beyond proof-of-concept
+- Report vulnerabilities promptly and provide reasonable time for remediation
+- Do not disclose the issue publicly before coordinated disclosure
 
-#### Specification Security
+**If legal action is initiated by a third party against you** for activities conducted in accordance with this policy, we will take steps to make it known that your actions were authorized by us.
+
+## Bug Bounty
+
+ACP does not currently operate a paid bug bounty program.
+
+We offer:
+- Public recognition and acknowledgment for valid reports (with your permission)
+- Inclusion in our Security Hall of Fame (if established)
+- Our sincere gratitude for helping keep the ACP ecosystem secure
+
+We may consider monetary rewards for exceptional findings on a case-by-case basis, but this is not guaranteed.
+
+## Security Considerations for ACP
+
+### Specification Security
 
 The ACP specification itself doesn't execute code, but implementations should consider:
 
-- **Cache File Integrity**: Cache files could be tampered with
-- **Path Traversal**: File paths in cache should be validated
-- **Variable Injection**: Variable expansion should be sanitized
-- **Constraint Bypass**: Lock constraints are advisory, not enforced
+- **Cache File Integrity**: Cache files could be tampered with to mislead AI tools
+- **Path Traversal**: File paths in cache should be validated to prevent directory escape
+- **Variable Injection**: Variable expansion should be sanitized to prevent injection
+- **Constraint Bypass**: Lock constraints are advisory, not enforced—implementations must not rely on them for security
 
-#### Implementation Recommendations
+### Implementation Recommendations
 
 If you're implementing ACP:
 
-1. **Validate all paths** - Don't trust paths in cache files blindly
-2. **Sanitize variable expansion** - Prevent injection attacks
-3. **Limit file access** - Respect project boundaries
-4. **Log constraint violations** - Track when constraints are overridden
+1. **Validate all paths** — Don't trust paths in cache files blindly; normalize and verify they're within project boundaries
+2. **Sanitize variable expansion** — Prevent injection attacks through variable values
+3. **Limit file access** — Respect project boundaries; never follow symlinks outside the project root
+4. **Verify cache integrity** — Consider signing or checksumming cache files in high-security environments
+5. **Log constraint violations** — Track when constraints are overridden for audit purposes
 
-#### AI Tool Integration Security
+### AI Tool Integration Security
 
 When integrating ACP with AI tools:
 
-1. **Don't expose sensitive data** - Be careful what gets indexed
-2. **Respect lock constraints** - Even if advisory, honor them
-3. **Audit AI actions** - Log what AI tools modify
-4. **Review before commit** - Human review of AI changes
+1. **Don't expose sensitive data** — Be careful what gets indexed; exclude secrets, credentials, and PII
+2. **Respect lock constraints** — Even if advisory, honor them as indicators of sensitive code
+3. **Audit AI actions** — Log what AI tools query and modify
+4. **Review before commit** — Human review of AI-generated changes is essential
+5. **Limit AI scope** — Consider restricting AI access to specific domains or directories
+
+### Out of Scope
+
+The following are generally NOT considered security vulnerabilities:
+
+- Vulnerabilities in third-party implementations (report to those maintainers)
+- Social engineering attacks against ACP maintainers
+- Physical security attacks
+- Denial of service through malformed input (unless causing resource exhaustion)
+- Issues requiring physical access to a user's machine
+- Issues in dependencies (report upstream, but let us know if it affects ACP)
 
 ## Scope
 
@@ -80,16 +165,44 @@ This security policy covers:
 - The ACP specification (`spec/`)
 - JSON schemas (`schemas/`)
 - Reference CLI implementation (`cli/`)
-- Documentation (`docs/`)
+- Official documentation (`docs/`)
+- Official tooling (MCP server, VS Code extension when released)
 
-Third-party implementations have their own security policies.
+**Not covered:**
+- Third-party ACP implementations (they have their own security policies)
+- Community-contributed extensions
+- Forks of this repository
 
 ## Recognition
 
-We appreciate responsible disclosure and will acknowledge security researchers who report valid vulnerabilities (with their permission).
+We appreciate responsible disclosure and will acknowledge security researchers who report valid vulnerabilities.
+
+### Security Hall of Fame
+
+We maintain a list of researchers who have responsibly disclosed security issues:
+
+<!-- 
+Add researchers here as:
+- **[Name/Handle](link)** - Brief description of finding (Month Year)
+-->
+
+*No entries yet — be the first!*
+
+If you'd like to be acknowledged:
+- Let us know your preferred name/handle and optional link
+- Indicate if you'd like to be mentioned in the security advisory
+- Specify any social media handles you'd like included
 
 ## Contact
 
-- **Security Email**: security@acp-protocol.dev
-- **General Contact**: hello@acp-protocol.dev
-- **GitHub**: https://github.com/acp-protocol/acp-spec
+| Purpose | Contact |
+|---------|---------|
+| **Security Reports** | security@acp-protocol.dev |
+| **General Questions** | hello@acp-protocol.dev |
+| **GitHub** | https://github.com/acp-protocol/acp-spec |
+| **Security Advisories** | https://github.com/acp-protocol/acp-spec/security/advisories |
+
+---
+
+*This security policy is effective as of December 2024 and may be updated periodically.*
+*Last reviewed: December 2024*

cli/src/index/indexer.rs

@@ -161,17 +161,35 @@ impl Indexer {
     pub fn generate_vars(&self, cache: &Cache) -> VarsFile {
         let mut vars_file = VarsFile::new();
 
-        // Generate symbol vars
+        // Build a map of symbol names to var names for ref resolution
+        let mut symbol_to_var: std::collections::HashMap<String, String> = std::collections::HashMap::new();
         for (name, symbol) in &cache.symbols {
             if symbol.exported {
                 let var_name = format!("SYM_{}", name.to_uppercase().replace('.', "_"));
-                vars_file.add_variable(
-                    var_name,
-                    VarEntry::symbol(
-                        symbol.qualified_name.clone(),
-                        symbol.summary.clone(),
-                    ),
-                );
+                symbol_to_var.insert(name.clone(), var_name);
+            }
+        }
+
+        // Generate symbol vars with refs from call graph
+        for (name, symbol) in &cache.symbols {
+            if symbol.exported {
+                let var_name = format!("SYM_{}", name.to_uppercase().replace('.', "_"));
+
+                // Build refs from symbols this one calls
+                let refs: Vec<String> = symbol.calls.iter()
+                    .filter_map(|callee| symbol_to_var.get(callee).cloned())
+                    .collect();
+
+                let entry = VarEntry {
+                    var_type: crate::vars::VarType::Symbol,
+                    value: symbol.qualified_name.clone(),
+                    description: symbol.summary.clone(),
+                    refs,
+                    source: Some(symbol.file.clone()),
+                    lines: Some(symbol.lines),
+                };
+
+                vars_file.add_variable(var_name, entry);
             }
         }
 
@@ -205,6 +223,27 @@ impl Indexer {
             }
         }
 
+        // Generate layer vars from unique layers
+        let mut layers: std::collections::HashSet<String> = std::collections::HashSet::new();
+        for file in cache.files.values() {
+            if let Some(layer) = &file.layer {
+                layers.insert(layer.clone());
+            }
+        }
+        for layer in layers {
+            let var_name = format!("LAYER_{}", layer.to_uppercase().replace('-', "_"));
+            let file_count = cache.files.values()
+                .filter(|f| f.layer.as_ref() == Some(&layer))
+                .count();
+            vars_file.add_variable(
+                var_name,
+                VarEntry::layer(
+                    layer.clone(),
+                    Some(format!("Layer: {} ({} files)", layer, file_count)),
+                ),
+            );
+        }
+
         vars_file
     }
 }