We actively support the following versions with security updates:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
We take security vulnerabilities seriously. If you discover a security vulnerability, please follow these steps:
Security vulnerabilities should be reported privately to protect users.
Send an email to: security@inteligens.ai
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if available)
Response timeline:
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Resolution: Depends on severity and complexity
What to expect:
- We will acknowledge receipt of your report
- We will keep you informed of the progress
- We will credit you in the security advisory (if desired)
- We will coordinate public disclosure after a fix is available
In scope:
- Security vulnerabilities in the framework code
- Vulnerabilities in agent execution flow
- Issues with approval gates or human-in-the-loop mechanisms
- Problems with state management or journal tracking
- Security concerns in generated execution plans
Out of scope:
- Vulnerabilities in projects generated by the framework (report to those projects)
- Issues with third-party dependencies (report upstream)
- General usage questions (use GitHub Discussions)
- Feature requests (use GitHub Issues)
The framework follows these security principles:
- Human-in-the-Loop: No automatic code execution without human approval
- No Secrets in Code: Framework does not store or transmit secrets
- Audit Trail: Complete execution journal for traceability
- Approval Gates: Critical phases require explicit human approval
- State Isolation: Execution state is project-local
Security features:
- Approval Gates: Human checkpoints for critical decisions
- Execution Journal: Complete audit trail of all actions
- State Management: Isolated execution state per project
- No Auto-Execution: Framework does not automatically execute code
- IDE-Agnostic: Works in secure environments
Limitations:
- Framework does not enforce security policies on generated code
- Generated projects must implement their own security controls
- Framework does not scan dependencies for vulnerabilities
- No built-in secret management (use external tools)
Security updates will be:
- Released as patch versions (e.g., 1.0.1, 1.0.2)
- Documented in CHANGELOG.md
- Tagged with security advisory labels
- Announced in release notes
For security-related questions or concerns:
- Email: security@inteligens.ai
- GitHub Security Advisories: Use the "Report a vulnerability" button on the repository
Thank you for helping keep the Inteligens Agents Framework secure!