If you discover a security vulnerability in Gas Town, please report it responsibly:
- Do not open a public issue for security vulnerabilities
- Email the maintainers directly with details
- Include steps to reproduce the vulnerability
- Allow reasonable time for a fix before public disclosure
Gas Town is experimental software focused on multi-agent coordination. Security considerations include:
- Agent isolation: Workers run in separate tmux sessions but share filesystem access
- Git operations: Workers can push to configured remotes
- Shell execution: Agents execute shell commands as the running user
- Beads data: Work tracking data is stored in
.beads/directories
When using Gas Town:
- Run in isolated environments for untrusted code
- Review agent output before pushing to production branches
- Use appropriate git remote permissions
- Monitor agent activity via
gt peekand logs
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
Security updates will be released as patch versions when applicable.