# Security & Privacy ## Network Activity Agent Teams makes **zero** outbound network calls to third-party servers. There is no telemetry, analytics, tracking, or data exfiltration of any kind. | Network activity | When | Mode | User-initiated | |---|---|---|---| | GitHub Releases API (auto-updater) | App launch | Electron only | No (automatic) | | SSH connections | Settings > SSH | Electron only | Yes | | HTTP server (`127.0.0.1` or `0.0.0.0`) | When enabled | Both | Yes | ### Standalone / Docker mode In standalone mode (Docker or `node dist-standalone/index.cjs`), the auto-updater and SSH features are disabled entirely. The only network activity is the HTTP server listening for incoming connections on the configured port. ## Data Handling - All session data is read **locally** from `~/.claude/` — it never leaves your machine. - The app does not write to session files. Volume mounts in Docker use `:ro` (read-only) by default. - Configuration is stored at `~/.claude/agent-teams-config.json` on the local filesystem. - No data is sent to Anthropic, GitHub (other than the auto-updater in Electron mode), or any other third party. ## Docker Network Isolation For maximum trust, run the Docker container with `--network none`: ```bash docker build -t agent-teams-ai -f docker/Dockerfile . docker run --network none -p 3456:3456 -v ~/.claude:/data/.claude:ro agent-teams-ai ``` Or with Docker Compose, uncomment `network_mode: "none"` in `docker/docker-compose.yml`. ## IPC & Input Validation - Electron IPC and standalone HTTP handlers validate IDs, paths, and payloads at the boundary - Project editing and write operations are constrained to the selected project root - Read-only discovery may access local Claude data under `~/.claude/` and app-owned state paths when needed - Path traversal attacks are blocked - Sensitive config and credential-like paths are rejected or treated as protected targets ## Supported Versions Only the latest release is supported with security fixes. ## Reporting a Vulnerability Please report vulnerabilities privately and do not open public issues for undisclosed security problems. Include: - affected version/commit - vulnerability description - impact assessment - reproduction steps or proof of concept If you do not have a private contact path yet, open a minimal GitHub issue asking for a secure reporting channel without disclosing technical details. ## Disclosure Process - We will acknowledge reports as quickly as possible. - We will validate, triage severity, and prepare a fix. - We will coordinate a release and publish advisories when appropriate.