Helix OS is a privacy-first, autonomous AI agent that executes real actions on your system. Security isn't an afterthought here β it's core to how we build. If you've found a vulnerability, thank you for taking the time to report it responsibly. This document explains how.
We actively maintain and patch the main branch only.
| Version | Supported |
|---|---|
main (latest) |
β Active |
| Older releases | β Not supported |
This policy covers the following Helix OS components:
- 𧱠Sandbox Execution β isolated environments where code and plans are executed safely
- π Permission Tiers β the five-tier permission system with confirmation gates and rollback support
- 𧩠Plugin Loading β how third-party plugins are installed, verified, and executed at startup
- π WebSocket IPC β the communication bridge between the Tauri UI and Python Daemon
- π€ Python Daemon β the core backend driving agent orchestration, planning, and verification
Out of scope:
- Third-party plugins not maintained by the Helix OS team
- Vulnerabilities in upstream dependencies (please report to their maintainers)
- Social engineering attacks
Please do NOT open a public GitHub issue for security vulnerabilities.
Public issues expose the problem to everyone before it's fixed β which could put users at risk. Instead:
- GitHub Private Advisory (preferred) β use the Security tab to submit a private report directly.
- Email the maintainer β contact @VyomKulshrestha via the email listed on their GitHub profile.
- A clear description of the vulnerability and where it lives
- Steps to reproduce the issue
- The potential impact (e.g., sandbox escape, permission bypass, plugin hijack)
- Any suggested fixes or mitigations (totally optional, but appreciated!)
Once we receive your report, here's what you can expect from us:
| Timeframe | Action |
|---|---|
| Within 48 hours | We acknowledge your report |
| Within 7 days | We assess severity and confirm the vulnerability |
| Within 30 days | We develop and test a fix |
| Within 45 days | We release a patch |
| After patch release | Public disclosure, coordinated with you |
We ask that you:
- Give us a reasonable window to fix the issue before going public
- Avoid exploiting the vulnerability beyond what's needed to demonstrate it
- Not access or modify other users' data
We'll do our best to resolve it as quickly as possible.
| Level | Description |
|---|---|
| π΄ Critical | Remote code execution, full system compromise |
| π High | Sandbox escape, privilege escalation, plugin permission bypass |
| π‘ Medium | Information disclosure, partial access control bypass |
| π’ Low | Minor issues with limited real-world impact |
- Maintainer: @VyomKulshrestha
- Private Advisory: Submit here
Security researchers who responsibly disclose vulnerabilities will be credited in our release notes β unless you'd prefer to stay anonymous, which is completely fine.
This project participates in GSSoC 2026 and NSoC. All contributors are expected to follow this security policy when handling security-related work.