SecurityView source on GitHub
What Ottili Coder does — and doesn't — protect against.
Ottili Coder doesn't sandbox the agent. Treat it like any tool with shell and file access.
No built-in sandboxing
The permission system is not an isolation boundary. For untrusted code or unreviewed repositories, run Ottili Coder inside a container or VM.
Server mode is opt-in
"ottili-coder serve" starts unauthenticated unless you set OTTILI_CODER_SERVER_PASSWORD. Set one before exposing it beyond localhost.
Report a vulnerability
Use GitHub's Security Advisory form on the repository, or email security@ottili.one if you don't hear back within a few business days.
No AI-generated reports
The project does not accept automated or AI-generated security reports — submissions must reflect real human review.