63 lines
2.6 KiB
Markdown
63 lines
2.6 KiB
Markdown
# Security & Privacy
|
|
|
|
## Network Activity
|
|
|
|
Agent Teams makes **zero** outbound network calls to third-party servers. There is no telemetry, analytics, tracking, or data exfiltration of any kind.
|
|
|
|
| Network activity | When | Mode | User-initiated |
|
|
|---|---|---|---|
|
|
| GitHub Releases API (auto-updater) | App launch | Electron only | No (automatic) |
|
|
| SSH connections | Settings > SSH | Electron only | Yes |
|
|
| HTTP server (`127.0.0.1` or `0.0.0.0`) | When enabled | Both | Yes |
|
|
|
|
### Standalone / Docker mode
|
|
|
|
In standalone mode (Docker or `node dist-standalone/index.cjs`), the auto-updater and SSH features are disabled entirely. The only network activity is the HTTP server listening for incoming connections on the configured port.
|
|
|
|
## Data Handling
|
|
|
|
- All session data is read **locally** from `~/.claude/` — it never leaves your machine.
|
|
- The app does not write to session files. Volume mounts in Docker use `:ro` (read-only) by default.
|
|
- Configuration is stored at `~/.claude/agent-teams-config.json` on the local filesystem.
|
|
- No data is sent to Anthropic, GitHub (other than the auto-updater in Electron mode), or any other third party.
|
|
|
|
## Docker Network Isolation
|
|
|
|
For maximum trust, run the Docker container with `--network none`:
|
|
|
|
```bash
|
|
docker build -t agent-teams-ai -f docker/Dockerfile .
|
|
docker run --network none -p 3456:3456 -v ~/.claude:/data/.claude:ro agent-teams-ai
|
|
```
|
|
|
|
Or with Docker Compose, uncomment `network_mode: "none"` in `docker/docker-compose.yml`.
|
|
|
|
## IPC & Input Validation
|
|
|
|
- Electron IPC and standalone HTTP handlers validate IDs, paths, and payloads at the boundary
|
|
- Project editing and write operations are constrained to the selected project root
|
|
- Read-only discovery may access local Claude data under `~/.claude/` and app-owned state paths when needed
|
|
- Path traversal attacks are blocked
|
|
- Sensitive config and credential-like paths are rejected or treated as protected targets
|
|
|
|
## Supported Versions
|
|
|
|
Only the latest release is supported with security fixes.
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Please report vulnerabilities privately and do not open public issues for undisclosed security problems.
|
|
|
|
Include:
|
|
- affected version/commit
|
|
- vulnerability description
|
|
- impact assessment
|
|
- reproduction steps or proof of concept
|
|
|
|
If you do not have a private contact path yet, open a minimal GitHub issue asking for a secure reporting channel without disclosing technical details.
|
|
|
|
## Disclosure Process
|
|
|
|
- We will acknowledge reports as quickly as possible.
|
|
- We will validate, triage severity, and prepare a fix.
|
|
- We will coordinate a release and publish advisories when appropriate.
|