- Fix slashes in agent identity causing invalid hook file paths (gt-vqhc)
- Add Prerequisites section to README (gt-vzic)
- Create CONTRIBUTING.md, CODE_OF_CONDUCT.md, SECURITY.md (gt-xbfw)
- Update Install section for future package managers (gt-7wcf)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Security Policy
Reporting a Vulnerability
If you discover a security vulnerability in Gas Town, please report it responsibly:
- Do not open a public issue for security vulnerabilities
- Email the maintainers directly with details
- Include steps to reproduce the vulnerability
- Allow reasonable time for a fix before public disclosure
Scope
Gas Town is experimental software focused on multi-agent coordination. Security considerations include:
- Agent isolation: Workers run in separate tmux sessions but share filesystem access
- Git operations: Workers can push to configured remotes
- Shell execution: Agents execute shell commands as the running user
- Beads data: Work tracking data is stored in `.beads/` directories
Best Practices
When using Gas Town:
- Run in isolated environments for untrusted code
- Review agent output before pushing to production branches
- Use appropriate git remote permissions
- Monitor agent activity via `gt peek` and logs
Supported Versions
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
Updates
Security updates will be released as patch versions when applicable.