Security is a primary concern for the AutoWeave library, as it serves as an execution and orchestration layer for agent-generated code and commands.
Currently, the main branch and the latest published version are supported for security updates.
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
- Sandbox Execution: AutoWeave does not provide a sandbox for unsafe code execution. It is purely the orchestration layer. Any remote workers (e.g. OpenHands) provisioned by tasks must be executed inside a hardened sandbox (e.g., Docker, gVisor) configured by the downstream product or user.
- Product Authentication: This library does not handle user authentication, OAuth, or RBAC. The downstream product shell is responsible for securing access to the orchestration engine.
- Trusted: The local filesystem (templates, bootstrap files), environment variables (
.env.local), and configuration maps are considered trusted. - Untrusted: Natural language requests passed to the compiler, and code/artifacts generated by LLM agents.
- Strict Validation: All state transitions and payload schemas are strictly validated using
pydantic. - No
eval(): The library deliberately avoids unsafe dynamic code execution methods such aseval()orexec()internally. - Secret Scanning: All commits to this repository are scanned for hardcoded secrets via
gitleaks. - Dependency Audits: Dependencies are continuously audited using
pip-audit. - Static Analysis: CodeQL runs on every pull request to analyze the Python source code for logic vulnerabilities.
If you discover a security vulnerability within AutoWeave Library, please DO NOT open a public issue.
Instead, please use the GitHub Security Advisory feature to privately report the issue:
- Go to the Security Advisories tab for the repository.
- Click "Report a vulnerability".
- Provide full details of the vulnerability, including steps to reproduce.
- We will acknowledge receipt of your vulnerability report within 48 hours.
- We will provide a status update or resolution plan within 7 days.
- If a fix is required, we aim to release a patch within 14 days of the report.
All security vulnerabilities will be promptly addressed, and reporters will receive credit if they desire.