LifeOS is a local-first, modular Personal AI system.
Security, privacy, and user sovereignty are core to the project.
We take vulnerabilities seriously and appreciate responsible disclosure from the community.
As the project is in early development, security updates are primarily focused on the latest version.
| Version | Supported |
|---|---|
| Latest (main) | ✅ |
| Older versions | ❌ |
If you discover a security vulnerability, please do not open a public issue.
Instead, report it responsibly:
Include as much detail as possible:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested mitigation (if known)
You can also include:
- Proof-of-concept code
- Logs or screenshots
- Environment details
Please redact sensitive personal and credential data before submitting your report:
- Auth tokens and API keys
- HTTP
Authorizationheaders - Email addresses and contact information
- Life graph snapshots or personal content
- Local file paths that reveal home directory structure
- Personal notes, captures, or goal content
For non-security concerns (bugs, feature requests, docs), use GitHub issue forms and the conduct process in CODE_OF_CONDUCT.md.
We aim to:
- Acknowledge reports within 48 hours
- Investigate and triage within a few days
- Provide updates as we work toward a fix
Critical issues will be prioritized.
- We follow responsible disclosure
- Please allow time for a fix before public disclosure
- We will coordinate with you on timing if needed
Security applies to:
- Core LifeOS architecture
- Modules and integrations
- Local and remote execution paths
- Data handling, storage, and transport
Out-of-scope (unless explicitly exploitable):
- Theoretical issues without a clear attack path
- Issues requiring unrealistic assumptions
LifeOS is built around:
- Local-first architecture — minimize external exposure
- User data ownership — no hidden data flows
- Modular isolation — reduce blast radius of failures
- Explicit permissions — no implicit trust between modules
- Transparency — clear, inspectable behavior
We appreciate responsible researchers and contributors who help improve the security of LifeOS.
Contributors who report valid vulnerabilities may be acknowledged here (with permission).
Security is not a feature — it’s a foundation.
Thank you for helping make LifeOS safer for everyone.