If you discover a security vulnerability in this project, please report it responsibly. Do not open a public issue. Instead, email the maintainers or use GitHub's private vulnerability reporting. We will acknowledge your report within 48 hours and provide a timeline for a fix.

For guidance on securely configuring agents in production, see docs/security.md. It covers:
- Security policies and tool access control
- Filesystem sandboxing and path traversal prevention
- Secrets filtering in tool outputs
- Guardrails for model inputs and outputs
- MCP server security configuration