SECURITY / TRUST BOUNDARIES

Local-first is a boundary, not a slogan.

Algo CLI exposes tools powerful enough to change files and run commands. Its security posture starts with visible scope, explicit authority, and evidence-backed completion.

01

Approval before authority

Write and shell operations require approval unless the user deliberately enables automatic approval. Session-only approval never persists into a new run.

02

Fail-closed verification

Status-masking commands, unverified post-mutation claims, path escapes, and sensitive write targets are rejected instead of being treated as successful work.

03

Private context by default

External harness stores and source-code retrieval remain off until enabled. The website never receives prompts, files, memories, or identity records from the CLI.

04

Inspectable release state

Version, compatibility, source revision, and release-channel status are available in a stable machine-readable manifest.

RESPONSIBLE DISCLOSURE

Found a vulnerability?

Use GitHub’s private security-advisory flow. Do not open a public issue with exploit details, credentials, private paths, or user data.

Open a private advisory ↗