Security

What Ottili Coder does — and doesn't — protect against.

Ottili Coder doesn't sandbox the agent. Treat it like any tool with shell and file access.

No built-in sandboxing

The permission system is not an isolation boundary. For untrusted code or unreviewed repositories, run Ottili Coder inside a container or VM.

Server mode is opt-in

"ottili-coder serve" starts unauthenticated unless you set OTTILI_CODER_SERVER_PASSWORD. Set one before exposing it beyond localhost.

Report a vulnerability

Use GitHub's Security Advisory form on the repository, or email security@ottili.one if you don't hear back within a few business days.

No AI-generated reports

The project does not accept automated or AI-generated security reports — submissions must reflect real human review.

View source on GitHub