Hive is a local development tool for coordinating CLI agents. It is not a hosted service and does not provide a multi-user security boundary.
| Version | Supported |
|---|---|
| Latest npm release | Security fixes accepted during public preview. |
| 2.x | Best-effort fixes while the public preview is active. |
| Earlier versions | Not supported. |
Use GitHub private vulnerability reporting for tt-a1i/hive whenever it is
available. Do not paste exploit details, tokens, terminal logs, private
workspace paths, or reproduction scripts into a public issue.
If private reporting is temporarily unavailable, open a minimal public issue
with the title Security contact request and no technical details; a maintainer
will provide a private contact path before triage continues.
Expected response during public preview:
- Initial maintainer response: best effort within 7 days.
- Public disclosure or changelog entry: after a fix is available, or earlier when the issue does not expose users to practical exploitation.
Please include:
- Hive version or commit SHA.
- Operating system and Node.js version.
- Whether the issue affects the local runtime, packaged install, web UI, PTY
process handling, or the injected
teamcommand. - A minimal reproduction when it is safe to share.
- Hive binds to
127.0.0.1by default. Do not expose the runtime port directly to the internet or to an untrusted network. - Built-in presets may pass each CLI's non-interactive or bypass flag so worker agents can continue without manual permission prompts.
- Treat workers as able to run arbitrary shell commands with the permissions of the user account that launched Hive.
- Only open trusted workspaces. Hive intentionally gives agents access to the selected workspace so they can edit files and run project commands.
- Agent tokens are generated by the local runtime, injected into agent process environments, and intended only for local agent-to-runtime calls.
- The browser UI token is a same-machine session guard. It is not designed to protect Hive from other processes already running as the same OS user.
- Do not paste Hive agent tokens, terminal output, or workspace logs into public reports if they include private repository or machine details.
Remote access is optional and off by default. When enabled, a paired phone is a trusted device with the same authority as the local browser.
- Pair only devices you control and revoke them when they are no longer needed.
- Pairing must be confirmed at the desktop; do not approve a code you did not initiate.
- Remote access does not move your workspace or agent execution to the gateway. The gateway relays authenticated traffic; your Hive runtime and CLI agents still run on your machine.
- If you suspect a device, browser profile, or gateway account is compromised, disable Remote access, revoke paired devices, and restart Hive.
- Running Hive as a shared server for multiple users.
- Exposing the local Hive port through a public tunnel or reverse proxy.
- Operating Hive as a hardened production service.
- Sandboxing third-party CLI agents beyond the controls provided by those CLIs.