| Version | Supported |
|---|---|
| 0.3.x | ✅ |
| 0.2.x | ✅ |
| 0.1.x | ✅ |
| < 0.1 | ❌ |
If you discover a security vulnerability, please report it by emailing security@sageox.com.
Please do not open a public GitHub issue for security vulnerabilities.
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 7 days
- Resolution timeline: Provided after assessment
We will work with you to understand and address the issue. Once resolved, we will coordinate disclosure timing with you.
This library detects and interacts with AI coding agents. When using agentx:
- Environment variables: The library reads environment variables for agent detection. Ensure your environment is trusted.
- File system access: Configuration and context file paths are derived from user input and environment. Validate paths in security-sensitive applications.
- Hook execution: When using hook managers, be aware that hooks execute code. Only install hooks from trusted sources.
When using agentx in your applications:
- Validate any paths before passing to the library
- Run with minimal necessary permissions
- Keep the library updated to the latest version
- Review hook and command content before installation