We take security seriously. If you discover a vulnerability in cocapn, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

1. Preferred: Email security@superinstance.com with:

   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Any suggested fix

2. Alternative: Send a direct message via our Discord to any maintainer

• We will acknowledge your report within 48 hours
• We will provide an initial assessment within 5 business days
• We will keep you informed of our progress
• We will credit you in the security fix (unless you prefer anonymity)
• We will request a 90-day disclosure deadline

Security issues we care about:

• Remote code execution
• Authentication bypass
• Data leakage (user data, API keys, memory contents)
• Privilege escalation
• Denial of service

• Theoretical concerns without proof of concept
• Issues in third-party dependencies (report to them directly)
• Social engineering vectors
• Physical access attacks

User Input → Bridge (local) → PII Filter → LLM API → Response → Brain (local) → User

Cocapn can run with zero external network calls:

• Set COCAPN_OFFLINE=true in environment
• All LLM calls will fail gracefully
• Memory, skills, and plugins still work
• Webhook receiver disabled

• API keys stored in plaintext in ~/.cocapn/settings.json (your local filesystem)
• No encryption at rest for memory data (lives in your Git repo)
• All external communication over HTTPS
• Fleet JWT signed with HMAC-SHA256

• ⚠️ Cold plugins run in child processes with timeout and memory limits
• ⚠️ Hot plugins run in the bridge process with full access
• Permission system exists but is advisory (enforcement in progress)
• Only install plugins from trusted sources
• Review plugin code before installing

• Plugin sandbox permissions are not yet enforced in the execution path
• No encryption at rest for memory data
• Webhook receiver requires manual authentication setup
• No SSO/SAML support

• Auditor: Simulated security researcher (GLM-5.1)
• Findings: 4 Critical, 5 High, 4 Medium, 3 Info
• Status: All Critical and High fixed. Medium tracked.
• Report: docs/security-audit-cycle2.md

Maintained by CedarBeach2019 (active fork of superinstance/cocapn).