Please report security issues privately. Do not open a public issue.
- Preferred: GitHub private vulnerability reporting (repository → Security → "Report a vulnerability").
- Or email security@egoistmachines.com.
We aim to acknowledge reports within 3 business days and to share a remediation timeline after triage. Please include reproduction steps and affected versions.
etchplan is pre-1.0; only the latest released version receives security fixes.
etchplan is local-first and guarded by default:
- No upload by default. Agent-hook trace capture writes to a local file (
~/.etchplan/hook_events.jsonl). Nothing leaves your machine unless you explicitly export or share it. - Sensitive capture. Raw hook traces can contain commands, file contents, and tool output. Treat
~/.etchplan/as sensitive. The redact/export path applies secret/PII redaction and slotting before any trace or plan is shared. - Compiled artifacts are guarded. Code routines distilled from traces are statically checked by an AST allowlist (
packages/etchplan-validator/etchplan_validator/code_safety.py): only environment APIs and safe builtins are allowed;exec/eval/open/dynamic-attribute escapes/OS/network are rejected. A routine that fails validation is never executed; the original agent runs instead. - Mutations are gated. Live mutating actions require an idempotency key and pass through a mutation gate; every action is written to an append-only audit log; a drift kill-switch disables a plan whose measured fallback rate breaches its policy.
Please report any bypass of these guarantees as a security issue.
© 2026 Egoist Machines, Inc.