tsforge is a local AI coding harness. Treat it like running an untrusted developer on your machine.

• The model can invoke shell commands (run tool) inside the target project you point it at
• The model can read and write files in that project via edit/create/hashline tools
• Run tsforge only against projects you trust, or inside containers/sandboxes

• No telemetry — tsforge does not phone home
• Network calls go only to the model endpoint you configure (~/.tsforge/models.json or TSFORGE_BASE_URL)
• Eval scripts may call a separate judge endpoint (TSFORGE_JUDGE_*)

Report vulnerabilities via GitHub security advisories on agjs/tsforge.

Do not open public issues for exploitable findings.