| Version | Supported |
|---|---|
| 0.1.x | ✅ |
If you discover a security vulnerability, please report it responsibly:
- Do not open a public issue
- Email details to: [[email protected]] (update with your contact)
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We aim to respond within 48 hours and will work with you to understand and address the issue.
- Stored in macOS Keychain, never in plain text or UserDefaults
- Never logged or transmitted except to configured AI providers
- OpenCode runs as a separate process with limited environment
- File operations require explicit user permission
- All AI provider communication uses HTTPS
- No telemetry or analytics collected
- Accessibility permission required only for global hotkey
- File access controlled through permission prompts
Motive relies on:
- OpenCode — AI agent CLI (bundled binary)
- No other runtime dependencies
Security updates will be released as patch versions. We recommend always using the latest release.