Only the latest published release is supported with security updates.

If you discover a security issue, please report it responsibly:

1. Do not open a public GitHub Issue for security vulnerabilities
2. Send a private report instead
3. Allow 48 hours for initial response

This system runs on a single local machine under a single OS user account. It is designed to prevent accidental destructive actions from causing harm. It does not provide isolation between multiple users or machines.

• Accidental deletion of project files via rm -rf and similar commands
• Writing to system directories (/etc, /usr, /var, /opt)
• Credential exposure through log files
• Unintended modification of files outside .multi-agent/workspace/

• Malicious operator with local shell access
• Remote code execution attacks
• Privilege escalation
• Multi-user isolation

Every execution request passes through Guard first. Guard blocks:

• sudo, su, doas
• Recursive force remove (rm -rf /, rm -rf /home/*)
• Recursive chmod/chown on system paths
• Writes to /etc, /usr, /var, /opt, /root
• Commands that access ~/.ssh/, ~/.aws/, ~/.netrc

The Executor is constrained to .multi-agent/workspace/. Any attempt to write outside this boundary is blocked at the adapter layer, before Guard is even consulted.

API keys, tokens, passwords, and credentials are never written to:

• Memory templates
• Log files
• stdout / stderr

• Include a clear description of the issue
• Describe the expected vs. actual behavior
• Include steps to reproduce (if applicable)
• Do not include actual secrets or credentials in reports

Security fixes are applied immediately to the main branch and released as a patch version bump.