Email security@robotrocketscience.com (or open a GitHub Security Advisory if you prefer the GitHub flow). Do not open a public issue for security or privacy bugs.
Please include:
- A description of the issue and its impact (data exposure, integrity, availability).
- Reproduction steps or a proof-of-concept.
- The version of aelfrice you're running (
aelf --version). - Your environment (OS, Python version, MCP host if relevant).
We will acknowledge receipt within 48 hours and aim to provide an initial assessment within 5 business days.
In scope:
- The published Python package on PyPI (
pip index versions aelfrice). - Anything in
src/aelfrice/onmain. - The MCP server's input handling (
aelfrice.mcp_server). - The CLI's argument handling (
aelfrice.cli). - The SQLite schema and FTS5 index integrity.
Out of scope:
- Vulnerabilities in
fastmcp(please report upstream). - Vulnerabilities in your MCP host (Claude Code, Codex). Report upstream to the host vendor.
- Vulnerabilities in the cloud LLM at the other end of your prompt.
- Third-party tools you use to inspect the database (sqlite3, datasette, etc.).
- No telemetry. The shipped package contains no network code in the retrieval, scoring, scanner, store, or feedback paths. The optional
[mcp]extra addsfastmcp, which speaks MCP over stdio (local IPC), not the network. The single default outbound call is the TTL-gated update notifier (lifecycle.py): one GET tohttps://pypi.org/pypi/aelfrice/jsonthat transmits no user data; disable withAELF_NO_UPDATE_CHECK=1. See docs/user/PRIVACY.md. - All data is local. Your beliefs live in a single SQLite file, resolved per
src/aelfrice/db_paths.py:$AELFRICE_DBoverrides; otherwise<git-common-dir>/aelfrice/memory.dbper-project; otherwise~/.aelfrice/memory.dbas a legacy fallback for non-git cwds. aelfrice does not back this up, sync this, or transmit any portion of it. - Auditable update math. Every Bayesian update goes through one function (
apply_feedback, ~60 lines). Production retrieval ordering enters through one function (retrieveinsrc/aelfrice/retrieval.py). Both are pure Python with no I/O beyond the local SQLite file, and reviewable.
See docs/user/PRIVACY.md for verifiable details.
We follow coordinated disclosure:
- You report privately.
- We acknowledge, triage, and develop a fix.
- We coordinate a release with you on a target date.
- We publish the release with credit to the reporter (if desired) and a security advisory describing the issue.
We do not currently run a paid bug bounty.
Will be added here as advisories land.