Security fixes are accepted for the current release candidate line:
| Version | Supported |
|---|---|
v0.1.0-rc.1 |
Yes |
Do not open a public issue with exploit details or secrets. Report privately to the repository maintainers using GitHub Security Advisories or the private contact channel configured by the project owner.
Include:
- affected version or commit
- reproduction steps
- impact
- whether any credentials, customer data, or production systems were exposed
- Never commit
.env, real API keys, tokens, cookies, SSH keys, private keys, database dumps, backup files, logs, or screenshots containing credentials. - Keep
.env.exampleplaceholder-only. - Rotate any credential that was pasted into task descriptions, logs, issues, pull requests, or local files.
- Run a secret scan before every public push.
Recommended local scan:
rg -n -i "API_KEY|SECRET|TOKEN|PASSWORD|PRIVATE_KEY|OPENAI|ANTHROPIC|CLAUDE|GEMINI|DEEPSEEK|KIMI|SILICONFLOW|SUPABASE|LARK|TELEGRAM|GITHUB_TOKEN|GITLAB|JWT|ENCRYPTION|bearer|sk-[A-Za-z0-9]|xoxb-|ghp_|glpat-|-----BEGIN" \
-g '!node_modules/**' -g '!dist/**' -g '!__pycache__/**' -g '!.venv/**' .If a real secret was committed to Git history, do not push the repository publicly. Rotate the credential and either rewrite history or initialize a clean repository from sanitized files.
- Set
ADMIN_API_TOKEN,OPERATOR_API_TOKEN,VIEWER_API_TOKEN, andAGENT_API_TOKENto strong random values. - Set
AUTH_TOKEN_EXPIRES_ATfor trial token expiry. - Set
APP_SECRET_KEYto a stable high-entropy value before storing provider configs. - Put the API and Web Console behind TLS and a trusted reverse proxy.
- Replace bearer-token RBAC with OIDC/SSO before broad multi-user rollout.
- Store production secrets in Vault, AWS Secrets Manager, GCP Secret Manager, Azure Key Vault, or an equivalent managed secret store.
- Keep production/high-risk tools approval-gated.
- Keep real external write adapters disabled until sandbox rollback acceptance is complete.
- Mock provider and mock external adapters are the default.
- Provider secrets are masked in API/CLI/Web responses and encrypted when stored through provider config APIs.
- Tool calls go through Tool Registry, Policy Engine, event logging, approval, and rollback planning.
- MCP servers default to untrusted and require an explicit manifest,
trusted, andallowed_tools. - Secret-like values are redacted from logs, events, tool calls, rollback plans, approval payloads, and API responses.