Security Policy

1. Security Philosophy

Because Artemis operates as an active agent with filesystem and system execution capabilities, security is our primary focus. We strive to provide a transparent, local-first runtime that minimizes external exposure.

2. Vulnerability Reporting

If you find a security vulnerability, please do not disclose it publicly. Instead, report it directly to the core developers:

• Email: security@artemis-agent.org
• Response Window: We aim to acknowledge reports within 48 hours and provide updates on resolution plans.

3. Safe Operating Environment

To ensure the safe operation of your Artemis instance, we recommend:

• Sandboxing: Run the gateway inside a containerized environment (such as Docker) or an isolated virtual machine to prevent arbitrary command execution on your host machine.
• Local Binding: Bind the gateway and CLI ports to `127.0.0.1` unless configured behind an authenticated reverse proxy. Use the global `BASE_IP` environment variable to enforce local binding.
• Read-only Fallbacks: Configure read-only tokens for integrations wherever write access is not explicitly required.

4. Credential & Key Storage

All configuration keys (e.g., Vertex AI credentials, Gmail OAuth tokens, Discord bot secrets) are stored locally in environment variables or configuration files on your host device. These credentials are never transmitted to any centralized telemetry or logging service.