vestige/SECURITY.md
Sam Valladares 04781a95e2 feat: v2.0.4 "Deep Reference" — cognitive reasoning engine + 10 bug fixes
New features:
- deep_reference tool (#22): 8-stage cognitive reasoning pipeline with FSRS-6
  trust scoring, intent classification (FactCheck/Timeline/RootCause/Comparison/
  Synthesis), spreading activation expansion, temporal supersession, trust-weighted
  contradiction analysis, relation assessment, dream insight integration, and
  algorithmic reasoning chain generation — all without calling an LLM
- cross_reference (#23): backward-compatible alias for deep_reference
- retrieval_mode parameter on search (precise/balanced/exhaustive)
- get_batch action on memory tool (up to 20 IDs per call)
- Token budget raised from 10K to 100K on search + session_context
- Dates (createdAt/updatedAt) on all search results and session_context lines

Bug fixes (GitHub Issue #25 — all 10 resolved):
- state_transitions empty: wired record_memory_access into strengthen_batch
- chain/bridges no storage fallback: added with edge deduplication
- knowledge_edges dead schema: documented as deprecated
- insights not persisted from dream: wired save_insight after generation
- find_duplicates threshold dropped: serde alias fix
- search min_retention ignored: serde aliases for snake_case params
- intention time triggers null: removed dead trigger_at embedding
- changelog missing dreams: added get_dream_history + event integration
- phantom Related IDs: clarified message text
- fsrs_cards empty: documented as harmless dead schema

Security hardening:
- HTTP transport CORS: permissive() → localhost-only
- Auth token panic guard: &token[..8] → safe min(8) slice
- UTF-8 boundary fix: floor_char_boundary on content truncation
- All unwrap() removed from HTTP transport (unwrap_or_else fallback)
- Dream memory_count capped at 500 (prevents O(N²) hang)
- Dormant state threshold aligned (0.3 → 0.4)

Stats: 23 tools, 758 tests, 0 failures, 0 warnings, 0 unwraps in production

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 16:15:26 -05:00


Security Policy

Supported Versions

Version Supported
2.0.x
1.x

Reporting a Vulnerability

If you discover a security vulnerability in Vestige, please report it responsibly:

  1. DO NOT open a public GitHub issue
  2. Email the maintainer directly (see GitHub profile)
  3. Include:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)

You can expect a response within 48 hours.

Security Model

Trust Boundaries

Vestige is a local MCP server designed to run on your machine with your user permissions:

  • Trusted: The MCP client (Claude Code/Desktop) that connects via stdio
  • Untrusted: Content passed through MCP tool arguments (validated before use)

What Vestige Does NOT Do

  • Make network requests (except first-run model download from Hugging Face)
  • Execute shell commands
  • Access files outside its data directory
  • Send telemetry or analytics
  • Phone home to any server

Data Storage

All data is stored locally in SQLite:

Platform   Location
macOS      ~/Library/Application Support/com.vestige.core/vestige.db
Linux      ~/.local/share/vestige/core/vestige.db
Windows    %APPDATA%\vestige\core\vestige.db

Default: Data is stored in plaintext with owner-only file permissions (0600).

Encryption at Rest

For database-level encryption, build with SQLCipher:

cargo build --no-default-features --features encryption,embeddings,vector-search

Set the VESTIGE_ENCRYPTION_KEY environment variable. SQLCipher encrypts all database files, including the WAL journal. Alternatively, use OS-level encryption (FileVault, BitLocker, LUKS).

Input Validation

All MCP tool inputs are validated:

  • Content size limit: 1MB max
  • Query length limit: 1000 characters
  • FTS5 queries are sanitized to prevent injection
  • All SQL uses parameterized queries (params![] macro)
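As an added example (not Vestige's own code), the following shows validation checks of the kind this section describes: the 1MB content cap, the 1000-character query cap, quoting of FTS5 terms so caller-supplied query syntax is matched literally, and char-boundary-safe truncation of the sort the changelog's UTF-8 fix addresses. The function names, the error enum and the quoting approach are assumptions for illustration, not the project's API.

```rust
// Added example, not Vestige's own code. Names and the FTS5 quoting
// strategy are assumptions; the limits are the ones stated in the policy.

const MAX_CONTENT_BYTES: usize = 1024 * 1024; // 1MB content limit
const MAX_QUERY_CHARS: usize = 1000;          // 1000-character query limit

#[derive(Debug, PartialEq)]
pub enum ValidationError {
    ContentTooLarge(usize),
    QueryTooLong(usize),
    EmptyQuery,
}

/// Reject oversized content before it reaches storage or embedding.
pub fn validate_content(content: &str) -> Result<&str, ValidationError> {
    if content.len() > MAX_CONTENT_BYTES {
        return Err(ValidationError::ContentTooLarge(content.len()));
    }
    Ok(content)
}

/// Truncate to at most `max_bytes` without ever slicing inside a
/// multi-byte codepoint; a plain `&s[..max_bytes]` would panic there.
pub fn truncate_utf8(s: &str, max_bytes: usize) -> &str {
    if s.len() <= max_bytes {
        return s;
    }
    let mut end = max_bytes;
    while !s.is_char_boundary(end) {
        end -= 1;
    }
    &s[..end]
}

/// Build an FTS5 MATCH expression in which every whitespace-separated
/// token is a double-quoted string (embedded quotes doubled, per FTS5
/// syntax). Operators such as NOT/OR, `*`, `^` and `column:` prefixes
/// supplied by the caller are therefore matched as text, not interpreted.
pub fn sanitize_fts5_query(query: &str) -> Result<String, ValidationError> {
    let n = query.chars().count();
    if n > MAX_QUERY_CHARS {
        return Err(ValidationError::QueryTooLong(n));
    }
    let terms: Vec<String> = query
        .split_whitespace()
        .map(|t| format!("\"{}\"", t.replace('"', "\"\"")))
        .collect();
    if terms.is_empty() {
        return Err(ValidationError::EmptyQuery);
    }
    Ok(terms.join(" "))
}
```

The quoted expression is still passed to SQLite as a bound parameter of the MATCH clause, never spliced into the SQL text.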

Dependencies

We use well-maintained dependencies and run cargo audit regularly. Current status:

  • Vulnerabilities: 0
  • Warnings: 2 (unmaintained transitive dependencies with no known CVEs)

Security Checklist

  • No hardcoded secrets
  • Parameterized SQL queries
  • Input validation on all tools
  • No command injection vectors
  • No unsafe Rust code
  • Dependencies audited