Security Policy
We take the security of agentty seriously — it handles your Anthropic credentials and executes shell commands on your behalf.
Reporting a vulnerability
Please do not open a public issue for security vulnerabilities. Instead, report privately through GitHub's private security advisory form. Include a description, reproduction steps, affected versions, and impact.
What to expect
- Acknowledgement of your report as soon as it's triaged.
- An assessment of severity and affected versions.
- A fix and coordinated disclosure once a patched release is available.
- Credit in the advisory, if you'd like it.
Supported versions
agentty is pre-1.0; security fixes land on the latest release. Always update to the newest version (re-run the install one-liner) before reporting — the issue may already be fixed.
Security model at a glance
- Credentials live at ~/.config/agentty/credentials.json, mode 0600, written atomically.
- Shell calls are sandboxed by default (bwrap/sandbox-exec) — see Sandboxing.
- Filesystem tools are confined to the workspace — see Workspace Boundary.
- TLS is pinned end-to-end, including through the air-gap SOCKS tunnel.
- Air-gap mode trusts the remote host with your tokens — review the trust model before using it.
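The first and third items in the list above (a 0600 credentials file written atomically, and filesystem access confined to the workspace) are standard controls whose implementation this page does not show. The following is an added illustration of how they are commonly implemented, written for this page rather than taken from agentty's code base; the function names, the sample token and the throwaway directories are constructed for the example, and only the credentials path and mode come from the page.

```python
import json
import os
import stat
import tempfile


def write_credentials_atomically(path, data):
    """Write `data` as JSON to `path` so the file is never readable by other
    users and never observed half-written.

    - The temp file is created in the destination directory, so the final
      rename stays on one filesystem and is atomic.
    - mkstemp opens it with O_CREAT|O_EXCL at mode 0600; fchmod re-asserts
      0600 so the result does not depend on the caller's umask.
    - Contents are fsync'ed before the rename and the directory afterwards,
      so a crash leaves either the old file or the complete new one.
    """
    directory = os.path.dirname(os.path.abspath(path))
    os.makedirs(directory, mode=0o700, exist_ok=True)
    fd, tmp_path = tempfile.mkstemp(prefix=".credentials-", dir=directory)
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            os.fchmod(fd, 0o600)
            json.dump(data, f, indent=2)
            f.flush()
            os.fsync(fd)
        os.replace(tmp_path, path)  # atomic on POSIX; replaces any old file
        dir_fd = os.open(directory, os.O_RDONLY)
        try:
            os.fsync(dir_fd)
        finally:
            os.close(dir_fd)
    except BaseException:
        # Never leave a partially written secret behind on failure.
        try:
            os.unlink(tmp_path)
        except FileNotFoundError:
            pass
        raise


def credentials_file_is_private(path):
    """True iff `path` is a regular file with no group/other permission bits."""
    st = os.stat(path)
    return stat.S_ISREG(st.st_mode) and (st.st_mode & 0o077) == 0


def resolve_in_workspace(workspace, user_path):
    """Return the canonical absolute path for `user_path` inside `workspace`,
    or raise PermissionError if it escapes.

    Both sides go through realpath, so `..` segments, absolute paths and
    symlinks inside the workspace that point outside it are all caught by
    the same prefix check.
    """
    root = os.path.realpath(workspace)
    candidate = os.path.realpath(os.path.join(root, user_path))
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"{user_path!r} resolves outside the workspace")
    return candidate


def escapes_workspace(workspace, user_path):
    """Boolean form of resolve_in_workspace, convenient for tests and logging."""
    try:
        resolve_in_workspace(workspace, user_path)
    except PermissionError:
        return True
    return False


def demo():
    """Exercise both controls in a throwaway directory (constructed data)."""
    base = tempfile.mkdtemp(prefix="agentty-example-")
    cred_path = os.path.join(base, "config", "credentials.json")
    sample = {"api_key": "EXAMPLE-TOKEN-NOT-REAL"}  # constructed placeholder
    write_credentials_atomically(cred_path, sample)
    with open(cred_path, encoding="utf-8") as f:
        roundtrip = json.load(f)
    workspace = os.path.join(base, "workspace")
    os.makedirs(workspace)
    # A symlink inside the workspace that points outside of it.
    os.symlink(base, os.path.join(workspace, "escape-link"))
    return {
        "mode": stat.S_IMODE(os.stat(cred_path).st_mode),
        "private": credentials_file_is_private(cred_path),
        "leftovers": [n for n in os.listdir(os.path.dirname(cred_path))
                      if n != "credentials.json"],
        "roundtrip_ok": roundtrip == sample,
        "inside_ok": not escapes_workspace(workspace, "src/main.py"),
        "dotdot_blocked": escapes_workspace(workspace, "../config/credentials.json"),
        "absolute_blocked": escapes_workspace(workspace, "/etc/hostname"),
        "symlink_blocked": escapes_workspace(
            workspace, "escape-link/config/credentials.json"),
    }


if __name__ == "__main__":
    print(demo())
```

The two points worth carrying over when reviewing any tool that stores tokens or exposes file operations: the permission bits must be set at creation time (not chmod'ed afterwards, which leaves a window), and a workspace boundary check that compares raw strings instead of resolved paths will accept a symlink that points out of the workspace.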