Approval before authority
Write and shell operations require approval unless the user deliberately enables automatic approval. Session-only approval never persists into a new run.
Algo CLI exposes tools powerful enough to change files and run commands. Its security posture starts with visible scope, explicit authority, and evidence-backed completion.
Write and shell operations require approval unless the user deliberately enables automatic approval. Session-only approval never persists into a new run.
Status-masking commands, unverified post-mutation claims, path escapes, and sensitive write targets are rejected instead of being treated as successful work.
External harness stores and source-code retrieval remain off until enabled. The website never receives prompts, files, memories, or identity records from the CLI.
Version, compatibility, source revision, and release-channel status are available in a stable machine-readable manifest.
Use GitHub’s private security-advisory flow. Do not open a public issue with exploit details, credentials, private paths, or user data.
Open a private advisory ↗