Agent-Pantograph is designed around human-governed local agency. The project should never require users to give an AI assistant arbitrary shell access, paste secrets into chat, or run opaque commands.
The human approves.
The local machine stays user-controlled.
Ag-lets are bounded and inspectable.
Reports are compact and reviewed before raw logs.
Higher-risk actions require explicit consent and separate risk treatment.
Unless a future document explicitly states otherwise, Agent-Pantograph template material must assume:
no arbitrary command execution
no sudo by default
no package installs by default
no driver changes by default
no service changes by default
no deletion by default
no credential inspection
no OAuth token inspection
no private key inspection
no hidden background agent
no silent persistence
Do not paste secrets into issues, pull requests, discussions, chat, logs, Agent-Pantograph reports, or Ag-let outputs.
This includes:
API keys
GitHub tokens
OAuth tokens
SSH private keys
passwords
rclone config contents
cloud storage tokens
browser cookies
.env files containing secrets
If a secret is exposed, rotate it immediately using the provider's official interface.
Every Ag-let should declare:
what it does
what it does not do
whether it uses network access
whether it writes files
which paths it may touch
whether it needs elevated permission
what reports it emits
how it fails safely
Ag-lets should prefer:
read-only checks
compact summaries
explicit output folders
dry-run modes
human-readable reports
clear refusal when required preconditions are missing
Please report suspected vulnerabilities privately. Do not disclose security issues publicly before the maintainers have had a chance to review them.
- Preferred: use GitHub's private vulnerability reporting for this repository, if available (the repository "Security" tab → "Report a vulnerability").
If private vulnerability reporting is not yet enabled for this repository, that is a GitHub platform limitation: the setting only becomes available once a repository is public. Enabling it is a mandatory settings task immediately after publication (repository Settings → Advanced Security → Private vulnerability reporting → Enable).