ToothFairyAI_Public/tf_code
1
0
Fork 0
mirror of https://gitea.toothfairyai.com/ToothFairyAI/tf_code.git synced 2026-03-29 21:33:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs: add comprehensive security threat model and architecture documentation

Browse Source
This commit is contained in:
Dax Raad 2026-01-14 14:49:27 -05:00
parent b3ae1931fc
commit 207a59aad4
1 changed files with 68 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
SECURITY.md
View File

@ -1,3 +1,71 @@
# Security
## Threat Model
### Overview
OpenCode is an AI-powered coding assistant that runs locally on your machine. It provides an agent system with access to powerful tools including shell execution, file operations, and web access.
### No Sandbox
OpenCode does **not** sandbox the agent. The permission system exists as a UX feature to help users stay aware of what actions the agent is taking - it prompts for confirmation before executing commands, writing files, etc. However, it is not designed to provide security isolation.
If you need true isolation, run OpenCode inside a Docker container or VM.
### Out of Scope
| Category | Rationale |
| ------------------------------- | ----------------------------------------------------------------------- |
| **Server access when opted-in** | If you enable server mode, API access is expected behavior |
| **Sandbox escapes** | The permission system is not a sandbox (see above) |
| **LLM provider data handling** | Data sent to your configured LLM provider is governed by their policies |
| **MCP server behavior** | External MCP servers you configure are outside our trust boundary |
### Architecture
```
┌─────────────────────────────────────────────────────────────────┐
│ User's Machine │
│ ┌───────────────────────────────────────────────────────────┐ │
│ │ OpenCode Process │ │
│ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────────┐ │ │
│ │ │ Agent │ │ Permission │ │ Storage │ │ │
│ │ │ (LLM + │ │ System │ │ (~/.local/share │ │ │
│ │ │ Tools) │ │ │ │ /opencode) │ │ │
│ │ └─────────────┘ └─────────────┘ └─────────────────┘ │ │
│ │ │ │ │
│ │ ▼ │ │
│ │ ┌─────────────────────────────────────────────────────┐ │ │
│ │ │ Project Directory (cwd) │ │ │
│ │ └─────────────────────────────────────────────────────┘ │ │
│ └───────────────────────────────────────────────────────────┘ │
│ │ │
│ ┌──────────────────┼──────────────────┐ │
│ ▼ ▼ ▼ │
│ ┌────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ External │ │ LLM │ │ MCP │ │
│ │ Filesystem │ │ Providers │ │ Servers │ │
│ └────────────┘ └─────────────┘ └─────────────┘ │
└─────────────────────────────────────────────────────────────────┘
Optional (user must opt-in):
┌─────────────────────────────────────────────────────────────────┐
│ HTTP Server Mode │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Server (localhost:port) │ │
│ │ - REST API endpoints │ │
│ │ - WebSocket PTY │ │
│ │ - SSE event stream │ │
│ └─────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────┘
```
### Server Mode
Server mode is opt-in only. When enabled, set `OPENCODE_SERVER_PASSWORD` to require HTTP Basic Auth. Without this, the server runs unauthenticated (with a warning).
---
# Reporting Security Issues # Reporting Security Issues
We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.