If you discover a security vulnerability in Synapses, please report it responsibly to the maintainers before disclosing it publicly.
Email: security@synapsesos.dev (or open a GitHub private security advisory)
What to include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if available)
Response times:
- Acknowledgment: Within 24 hours
- Initial assessment: Within 3 business days
- Fix timeline: Severity-dependent (see below)
| Severity | Definition | Fix Timeline |
|---|---|---|
| Critical | Remote code execution, arbitrary file access, credential leakage | 24 hours (emergency patch) |
| High | Local privilege escalation, data exposure via graph queries, injection attacks | 1 week |
| Medium | Information disclosure, DoS conditions, default configurations | 2 weeks |
| Low | Minor issues, non-exploitable edge cases | Next release |
The following components are in scope for security reports:
- ✅ MCP Protocol Implementation — Tool inputs, parameter validation, stdio transport
- ✅ SQLite Store — Query injection, data integrity, file permissions
- ✅ Sidecar HTTP Clients — Brain and Scout API communication, timeout handling
- ✅ File Watcher — Path traversal, symlink handling
- ✅ Parser — Malformed input handling, resource exhaustion
- ✅ Graph Engine — Memory leaks, unbounded recursion
The following are not in scope for security reports (but may be reported as bugs):
- ❌ Dependency Vulnerabilities — Report upstream; we'll update when a fixed version is available
- ❌ Sidecar Security — Report to the synapses-intelligence or synapses-scout repositories
- ❌ IDE-Specific Issues — Report to the IDE vendor
- ❌ Local Privilege Escalation (general) — OS-level issues not caused by Synapses itself
- All inference is local (brain sidecar)
- No code or context leaves your machine
- SQLite cache stored at `~/.cache/synapses/` (user-readable only)
- Pure Go implementation, except the tree-sitter parser, which is native C linked statically through CGo
- Reduces attack surface
- No native code outside the parser, so memory-safety bugs are confined to the parser boundary rather than the whole process
- MCP tools never panic
- Brain sidecar unavailable? Graph queries still work
- Scout down? Web tools return "unavailable"
- Reduces denial-of-service risk
- Cache file at `~/.cache/synapses/cache/<hash>.db`
- Created with `0600` permissions (user read/write only)
- No multi-user access to codebase data
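The two cache-file guarantees above (a `0600` file under a user-only directory, and no access for other local users) are easy to state and easy to lose: a pre-existing world-readable file or a symlink planted at the cache path keeps whatever mode it already has. The following is an added example, not code from the Synapses repository, showing how a client of the cache would create the file with `0600` and verify, rather than assume, that an existing file is still private. The `CacheFileName` derivation (SHA-256 of the cleaned project root) and the `OpenPrivateCache` function are assumptions for illustration; the page only says the name is `<hash>.db`.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// ErrCachePermissions is returned when an existing cache file is accessible
// to group or other users.
var ErrCachePermissions = errors.New("cache file is readable or writable by other users")

// CacheFileName derives the per-project "<hash>.db" name. The page does not say
// what is hashed; hashing the cleaned project root with SHA-256 is an assumption.
func CacheFileName(projectRoot string) string {
	sum := sha256.Sum256([]byte(filepath.Clean(projectRoot)))
	return hex.EncodeToString(sum[:]) + ".db"
}

// OpenPrivateCache opens (creating if needed) the cache file for projectRoot
// under dir with mode 0600. It refuses a symlink at the cache path and refuses
// a pre-existing file that is readable or writable by group or others.
func OpenPrivateCache(dir, projectRoot string) (*os.File, error) {
	// The cache directory itself is user-only as well.
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return nil, err
	}
	path := filepath.Join(dir, CacheFileName(projectRoot))

	// Do not follow a symlink planted at the cache path: writing through it
	// would let another writer of dir redirect the database elsewhere.
	if info, err := os.Lstat(path); err == nil && info.Mode()&os.ModeSymlink != 0 {
		return nil, fmt.Errorf("%s: refusing to open a symlink as the cache file", path)
	}

	// O_CREATE with 0600: the umask can only clear bits, never add them, so a
	// freshly created file is guaranteed to be user read/write only.
	f, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE, 0o600)
	if err != nil {
		return nil, err
	}

	// A pre-existing file keeps whatever mode it already had, so verify it
	// rather than trust it: any group/other bit means codebase data may leak.
	info, err := f.Stat()
	if err != nil {
		f.Close()
		return nil, err
	}
	if info.Mode().Perm()&0o077 != 0 {
		f.Close()
		return nil, fmt.Errorf("%w: %s has mode %o", ErrCachePermissions, path, info.Mode().Perm())
	}
	return f, nil
}

func main() {
	// A temporary directory stands in for ~/.cache/synapses/cache so the demo
	// leaves nothing behind in the real home directory.
	dir, err := os.MkdirTemp("", "synapses-cache")
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	defer os.RemoveAll(dir)

	f, err := OpenPrivateCache(dir, "/home/alice/project") // constructed project root
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	defer f.Close()
	fmt.Println("cache file:", f.Name())
}
```

The mode check matters on shared machines: `chmod 644` on the database by a careless user, or a file restored from a backup with wide permissions, would otherwise silently expose the indexed codebase to every local account.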
- Keep Synapses updated — Regularly update to the latest version
- Use proper file permissions — Don't share codebase cache across untrusted users
- Protect your project root — Synapses indexes your entire codebase; restrict access to project directories
- Run brain sidecar locally — Never expose the brain sidecar to the network (`localhost:11435` only)
- Run scout sidecar locally — Never expose the scout sidecar to the network (`localhost:11436` only)
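The localhost-only rule for the sidecars, the timeout handling the scope section lists for the sidecar HTTP clients, and the graceful-degradation behaviour ("Scout down? Web tools return 'unavailable'") are all properties of one component: the client that talks to the brain and scout sidecars. The following is an added example, not the project's own client, of how such a client can enforce them: it refuses any base URL whose host is not a loopback address, sets a request timeout, disables environment proxies, and folds every transport failure into a single `ErrUnavailable` that callers can map to an "unavailable" result instead of propagating raw errors. The type and function names, and the `/health` path used in `main`, are assumptions for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"io"
	"net"
	"net/http"
	"net/url"
	"time"
)

var (
	ErrNotLoopback = errors.New("sidecar URL does not point at a loopback address")
	ErrUnavailable = errors.New("sidecar unavailable")
)

// SidecarClient wraps an http.Client pinned to a loopback base URL.
type SidecarClient struct {
	base *url.URL
	http *http.Client
}

// isLoopbackHost accepts literal loopback IPs (127.0.0.0/8, ::1) and the name
// "localhost". "localhost" is trusted by name here; a hostile /etc/hosts could
// remap it, so a stricter build could allow only the literal addresses.
func isLoopbackHost(host string) bool {
	if host == "localhost" {
		return true
	}
	ip := net.ParseIP(host)
	return ip != nil && ip.IsLoopback()
}

// NewSidecarClient parses rawURL and refuses anything that is not an http(s)
// URL on a loopback host, so a misconfigured sidecar address cannot silently
// route code context to another machine. Environment proxies are disabled for
// the same reason.
func NewSidecarClient(rawURL string, timeout time.Duration) (*SidecarClient, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("unsupported scheme %q", u.Scheme)
	}
	if !isLoopbackHost(u.Hostname()) {
		return nil, fmt.Errorf("%w: %s", ErrNotLoopback, u.Host)
	}
	client := &http.Client{
		Timeout:   timeout,
		Transport: &http.Transport{Proxy: nil}, // never honour HTTP_PROXY for loopback traffic
	}
	return &SidecarClient{base: u, http: client}, nil
}

// Get performs a bounded GET against the sidecar. Transport errors and non-200
// responses are wrapped in ErrUnavailable so callers degrade gracefully
// instead of surfacing raw errors or panicking.
func (c *SidecarClient) Get(ctx context.Context, path string) ([]byte, error) {
	target := c.base.ResolveReference(&url.URL{Path: path})
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, target.String(), nil)
	if err != nil {
		return nil, err
	}
	resp, err := c.http.Do(req)
	if err != nil {
		return nil, fmt.Errorf("%w: %v", ErrUnavailable, err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("%w: HTTP %d", ErrUnavailable, resp.StatusCode)
	}
	// Cap the body so a misbehaving sidecar cannot exhaust memory.
	return io.ReadAll(io.LimitReader(resp.Body, 1<<20))
}

func main() {
	for _, raw := range []string{"http://localhost:11435", "http://192.168.1.5:11435"} {
		c, err := NewSidecarClient(raw, 2*time.Second)
		if err != nil {
			fmt.Println(raw, "rejected:", err)
			continue
		}
		// "/health" is a hypothetical endpoint; the page names none.
		if _, err := c.Get(context.Background(), "/health"); err != nil {
			fmt.Println(raw, "->", err)
		} else {
			fmt.Println(raw, "-> ok")
		}
	}
}
```

Run without either sidecar listening and the loopback URL prints an `ErrUnavailable` wrapping "connection refused" while the LAN URL is rejected before any connection is attempted; that is the shape of failure the MCP tools are expected to turn into an "unavailable" result rather than a crash.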
Synapses uses minimal external dependencies:
- `modernc.org/sqlite` — Pure-Go SQLite (no CGo)
- `smacker/go-tree-sitter` — Tree-sitter bindings (static linking only)
- `mark3labs/mcp-go` — MCP protocol reference implementation
- `fsnotify/fsnotify` — File watching
All dependencies are vendored and regularly audited. Note that `go mod audit` is not a subcommand of the Go toolchain; use govulncheck, which checks the module graph against the Go vulnerability database and reports only vulnerable functions the code actually reaches:

```
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...
```

The project includes tests for:
- ✅ MCP tool input validation (no SQL injection, command injection)
- ✅ File path handling (no symlink traversal)
- ✅ Parser resource limits (bounded memory)
- ✅ Graph carving depth limits (no infinite loops)
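Two of the properties listed above, symlink-safe path handling and bounded graph traversal, are worth seeing as checks rather than as bullet points. The following is an added example, not the project's own implementation, of both: `ResolveInsideRoot` resolves symlinks on both the project root and the requested path before comparing them, so a symlink inside the tree that points outside it is caught as well as a lexical `..`; `Reachable` walks an adjacency-list graph breadth-first with a visited set and a depth cap, so a cycle terminates and one query cannot expand without bound. Function and type names are assumptions for illustration; the sample graph in `main` is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var ErrOutsideRoot = errors.New("path resolves outside the project root")

// ResolveInsideRoot resolves p (relative to root, possibly containing ".." or
// symlinks) to its real path and returns it only if it is still under the real
// path of root. Both sides are symlink-resolved, so a symlink inside the tree
// that targets a file outside it is rejected, not just a lexical "..".
func ResolveInsideRoot(root, p string) (string, error) {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	if realRoot, err = filepath.Abs(realRoot); err != nil {
		return "", err
	}
	if !filepath.IsAbs(p) {
		p = filepath.Join(realRoot, p)
	}
	real, err := filepath.EvalSymlinks(p) // also fails if the target does not exist
	if err != nil {
		return "", err
	}
	if real, err = filepath.Abs(real); err != nil {
		return "", err
	}
	rel, err := filepath.Rel(realRoot, real)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %s -> %s", ErrOutsideRoot, p, real)
	}
	return real, nil
}

// Graph is an adjacency list: node -> nodes it references.
type Graph map[string][]string

// Reachable returns the nodes reachable from start within maxDepth edges, in
// breadth-first order. The visited set makes cycles terminate and maxDepth
// caps the work a single query can do on a large graph.
func Reachable(g Graph, start string, maxDepth int) []string {
	visited := map[string]bool{start: true}
	frontier := []string{start}
	var out []string
	for depth := 0; depth < maxDepth && len(frontier) > 0; depth++ {
		var next []string
		for _, n := range frontier {
			for _, m := range g[n] {
				if visited[m] {
					continue
				}
				visited[m] = true
				out = append(out, m)
				next = append(next, m)
			}
		}
		frontier = next
	}
	return out
}

func main() {
	// Constructed cyclic graph: a -> b -> c -> a, and c -> d.
	g := Graph{"a": {"b"}, "b": {"c"}, "c": {"a", "d"}}
	fmt.Println("depth 2:", Reachable(g, "a", 2))   // [b c]
	fmt.Println("depth 10:", Reachable(g, "a", 10)) // [b c d]

	// Use the working directory as the project root and try to escape it.
	root, _ := os.Getwd()
	if p, err := ResolveInsideRoot(root, "../../etc/passwd"); err != nil {
		fmt.Println("rejected:", err)
	} else {
		fmt.Println("accepted:", p)
	}
}
```

`filepath.EvalSymlinks` needs the target to exist, which is the right behaviour for an indexer (there is nothing to index otherwise) but means the check must run again at open time if the path is stored and used later, since a symlink can be swapped in between.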
Once a fix is ready:
- Patch released as a point release (e.g., v0.7.1)
- Advisory issued to GitHub Security Advisories
- Public disclosure details announced with CVE (if applicable)
- Security: security@synapsesos.dev
- Issues: https://github.com/SynapsesOS/synapses/issues
- Discussions: https://github.com/SynapsesOS/synapses/discussions
Thank you for helping keep Synapses secure! 🔒