LEGAL-03 // SECURITY_POLICY
Security Policy
Responsible disclosure, threat model, and the five mitigations built into every release.
THREAT MODEL // FIVE MITIGATIONS
Five threats. Five mitigations.
Threat: LLM hallucination → rm -rf /
Mitigation: LLM output is never executed on the host directly; it always runs inside the Docker sandbox.
Threat: Daemon privilege escalation
Mitigation: The daemon runs as the unprivileged user yantra_daemon (UID 999) under strict systemd sandboxing.
Threat: Container escape to the host filesystem
Mitigation: Sandbox containers run with networking disabled and no host mounts; stdout is the only channel back to the host.
Threat: Unrestricted SSH command execution
Mitigation: The SSH key is restricted to a whitelist of commands (systemctl, pacman, fstrim…).
Threat: Secrets exfiltration via prompt injection
Mitigation: Secrets live in /etc/yantra/secrets.env (chmod 0400) and are never placed in the model context.
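As an added example, not the project's own core/sandbox.py or core/daemon.py, the Python below sketches two of these mitigations: the Docker invocation behind the sandbox (threats 1 and 3) and a forced-command gate for the restricted SSH key (threat 4). The image name, the flag set, the per-command argument policy and the binary paths are assumptions. Two caveats the code makes explicit: "no network" has to be spelled `--network none`, because leaving the flag off gives the container the default bridge network; and a whitelist that admits `systemctl` or `pacman` by name alone is root by another name, so the gate checks the sub-command and every further argument, not just the binary.

```python
"""Added example for two of the YantraOS mitigations: not the project's own
core/sandbox.py or core/daemon.py. The image name, docker flags, SSH policy
and binary paths are assumptions."""
import os
import re
import shlex
import subprocess
import sys

SANDBOX_IMAGE = "yantra-sandbox:latest"  # assumed image name


def sandbox_argv(image: str = SANDBOX_IMAGE) -> list[str]:
    """docker run line for LLM-generated code. --network none must be explicit:
    omitting --network gives the default bridge. No -v/--mount, so no host path
    is visible; stdout is the only channel back to the host."""
    return [
        "docker", "run", "--rm", "-i",
        "--network", "none",
        "--read-only", "--tmpfs", "/tmp:rw,noexec,nosuid,size=64m",
        "--cap-drop", "ALL", "--security-opt", "no-new-privileges",
        "--pids-limit", "64", "--memory", "256m",
        "--user", "65534:65534",  # nobody inside the container
        image, "python3", "-",    # script arrives on stdin, never via a host file
    ]


def run_in_sandbox(code: str, timeout: float = 10.0) -> tuple[int, str]:
    """Run code in the sandbox; return (exit status, stdout). Needs Docker."""
    proc = subprocess.run(sandbox_argv(), input=code, capture_output=True,
                          text=True, timeout=timeout)
    return proc.returncode, proc.stdout


# SSH forced command, installed in authorized_keys as
#   command="/usr/lib/yantra/ssh-gate",no-pty,no-port-forwarding,no-agent-forwarding ...
# Assumed policy: binary path plus the allowed sub-commands for each whitelisted name.
SSH_POLICY = {
    "systemctl": ("/usr/bin/systemctl", {"status", "is-active", "restart"}),
    "pacman":    ("/usr/bin/pacman", {"-Syu", "-Qu"}),
    "fstrim":    ("/usr/bin/fstrim", {"-av", "-v"}),
}
SAFE_ARG = re.compile(r"^[A-Za-z0-9][A-Za-z0-9@._-]*$")  # no leading '-', no metacharacters


def check_ssh_command(original: str) -> list[str]:
    """Validate SSH_ORIGINAL_COMMAND; return the argv to exec (never via a shell)."""
    try:
        argv = shlex.split(original)
    except ValueError as exc:  # unbalanced quotes
        raise PermissionError(f"unparseable command: {exc}") from None
    if len(argv) < 2:
        raise PermissionError("command and sub-command required")
    name, verb, *rest = argv
    if name not in SSH_POLICY:            # "/usr/bin/systemctl" is rejected too
        raise PermissionError(f"command not whitelisted: {name}")
    path, verbs = SSH_POLICY[name]
    if verb not in verbs:
        raise PermissionError(f"{name} {verb} not whitelisted")
    for arg in rest:                      # "sshd;" or "--root=/" fail here
        if not SAFE_ARG.match(arg):
            raise PermissionError(f"unsafe argument: {arg!r}")
    return [path, verb, *rest]


def ssh_command_allowed(original: str) -> bool:
    try:
        check_ssh_command(original)
        return True
    except PermissionError:
        return False


def ssh_gate_main() -> None:
    """Forced-command entry point: the client's requested command is only ever
    read from SSH_ORIGINAL_COMMAND, validated, then exec'd without a shell."""
    try:
        argv = check_ssh_command(os.environ.get("SSH_ORIGINAL_COMMAND", ""))
    except PermissionError as exc:
        print(f"rejected: {exc}", file=sys.stderr)
        sys.exit(126)
    os.execv(argv[0], argv)
```

Wire the gate in as the `command=` option of the key's authorized_keys entry (path assumed above) and call ssh_gate_main() from the script's entry point; sshd then runs the gate regardless of what the client asked for, and the gate decides from SSH_ORIGINAL_COMMAND. run_in_sandbox() needs a Docker daemon, but sandbox_argv() can be inspected offline to confirm the flags before a release.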
RESPONSIBLE DISCLOSURE
Found a vulnerability?
Please do not open a public GitHub issue for security vulnerabilities. Email us at security@euryaleferox.com with:
01.A description of the vulnerability and affected component
02.Steps to reproduce, including environment details
03.Your assessment of severity and potential impact
04.Any proof-of-concept code (keep it responsible)
We acknowledge reports within 48 hours and aim to patch critical issues within 14 days. We do not currently offer a bug bounty program, but we will credit you in the Changelog.
SCOPE // BOUNDARY
What's in scope.
In scope
- Kriya Loop daemon (core/daemon.py)
- Docker sandbox executor (core/sandbox.py)
- TUI shell IPC (core/tui_shell.py)
- OTA manager (core/ota_manager.py)
- yantraos.com web interface
- Skill Store API endpoints
Out of scope
- Third-party dependencies (Ollama, Pinecone, Supabase)
- The underlying Arch Linux packages
- User-published Skills
- Network infrastructure not operated by us