Skip to content

Security: EMMA019/kairi-AIchat

Security

SECURITY.md

Security Policy — Kairi Autonomous AI Engine

🛡️ Our Local-First Security Guarantee

Kairi is architected with a strict Local-First, Privacy-First Guarantee:

  • Zero Cloud Data Telemetry: Your conversation histories, code files, memories (kv_store.json), and API keys stay 100% on your local disk.
  • Bring Your Own Key (BYOK): Kairi communicates exclusively and directly with official model providers (Anthropic, OpenAI, Google Gemini, DeepSeek, local Ollama) using your own API keys. No third-party proxy servers collect your credentials.
  • Supply-Chain & Shell Execution Shield: Package installation operations enforce --ignore-scripts to neutralize malicious pre/post-install hooks. Sensitive shell commands require Human-In-The-Loop (HITL) approval.
  • Atomic Configuration Storage: All critical configuration writes utilize atomic file replacement (tempfile.mkstemp + os.replace) to prevent file corruption during sudden system shutdowns.

Reporting a Vulnerability

If you discover a security vulnerability within Kairi, please do not disclose it publicly on public issue trackers. Instead:

  1. Open a Private Security Advisory on our GitHub repository under the Security tab, or
  2. Contact our maintainers directly.

We treat security disclosures with the highest priority and aim to acknowledge reports within 48 hours.

There aren't any published security advisories