
Security: AntSentry/Cogtrix

.github/SECURITY.md

Security Policy

Supported Versions

Only the latest release receives security fixes. We do not backport patches to older versions.

Version          Supported
Latest (0.1.x)   Yes
Older releases   No

Reporting a Vulnerability

Please do not report security vulnerabilities via public GitHub issues.

Report vulnerabilities privately through GitHub Security Advisories.

Include as much of the following as possible:

  • Type of vulnerability (e.g. path traversal, SSRF, injection, authentication bypass)
  • Affected component (src/, cogtrix.py, API layer, assistant mode, etc.)
  • Steps to reproduce
  • Proof-of-concept code or payload (if available)
  • Potential impact and attack scenario

Response Timeline

Step                             Target
Initial acknowledgement          3 business days
Triage and severity assessment   7 business days
Patch and advisory published     30 days (critical: 7 days)

We follow responsible disclosure — please give us reasonable time to fix and release a patch before any public disclosure.

Scope

The following are considered in scope:

  • Path traversal or sandbox escape in file operations (src/tools/file_ops.py)
  • SSRF in HTTP request tool or setup wizard (src/tools/http_request.py, src/setup_wizard.py)
  • Authentication or authorisation bypass in the REST API (src/api/)
  • Prompt injection bypassing the assistant mode guardrail pipeline (src/assistant/guardrails.py)
  • Remote code execution via the Python execution tool (src/tools/python_exec.py)
  • Secrets or API keys exposed in logs, error messages, or API responses
  • SQL injection or insecure direct object reference in the database layer (src/api/db/)

The following are out of scope:

  • Denial of service via resource exhaustion (no SLA guarantees in self-hosted deployments)
  • Vulnerabilities in LLM providers (OpenAI, Anthropic, etc.) or third-party dependencies — please report those upstream
  • Issues that require physical access to the host machine
  • Social engineering or phishing attacks

Security Features

Cogtrix includes several built-in security controls worth noting when assessing the attack surface:

  • Guardrail pipeline — injection detection, rate limiting, and violation tracking in assistant mode
  • Path containment — file operations enforce is_relative_to() checks and dual read/write roots
  • SSRF guard — http_request tool validates target IPs against private/loopback ranges and resolves DNS before connecting
  • Tool confirmation — sensitive tools (shell, file writes) require explicit human approval
  • JWT authentication — API requires signed tokens; secret minimum 32 characters enforced at startup
  • Atomic writes — JSON state files use a temp-then-rename pattern to prevent corruption
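The SSRF guard described in the list above, as an added Python example (not Cogtrix's own src/tools/http_request.py): it resolves the hostname, rejects the request if any resolved address is private, loopback, link-local or otherwise internal, and returns the pinned IP so the client connects to exactly the address that was checked. The resolver is injectable; fake_resolver, EXTRA_BLOCKED and all function names are assumptions made for this example, and the DNS answers are constructed sample values.

```python
import ipaddress
import socket
from typing import Callable, List
from urllib.parse import urlparse

Resolver = Callable[[str], List[str]]
# Carrier-grade NAT space is not covered by ipaddress.is_private, so block it explicitly.
EXTRA_BLOCKED = [ipaddress.ip_network("100.64.0.0/10")]

def system_resolver(host: str) -> List[str]:
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)  # all A/AAAA records
    return sorted({info[4][0] for info in infos})

def is_internal(ip) -> bool:
    """Loopback, RFC1918/ULA, link-local (cloud metadata lives in 169.254.0.0/16), etc."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:127.0.0.1 as 127.0.0.1
    if any(ip in net for net in EXTRA_BLOCKED):
        return True
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def resolve_outbound_target(url: str, resolver: Resolver = system_resolver) -> str:
    """Validate url and return the one IP the HTTP client must connect to; resolving and
    pinning here closes the check-then-connect window that DNS rebinding relies on."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("URL has no host")
    try:
        addrs = [ipaddress.ip_address(parts.hostname)]  # literal IP: no DNS lookup
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolver(parts.hostname)]
    if not addrs:
        raise ValueError(f"{parts.hostname} did not resolve")
    for ip in addrs:  # reject if ANY record is internal; a mixed answer set is suspicious
        if is_internal(ip):
            raise ValueError(f"{parts.hostname} resolves to internal address {ip}")
    return str(addrs[0])

def is_url_allowed(url: str, resolver: Resolver = system_resolver) -> bool:
    try:
        return bool(resolve_outbound_target(url, resolver))
    except ValueError:
        return False

def fake_resolver(host: str) -> List[str]:  # constructed offline DNS table (sample values)
    return {"api.example": ["93.184.216.34"], "rebind.example": ["93.184.216.34", "10.0.0.5"],
            "meta.example": ["169.254.169.254"]}.get(host, [])
```

The HTTP client should then be pointed at the returned IP (sending the original hostname in the Host/SNI fields) rather than re-resolving the hostname itself.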
