Security policy

Supported versions

Security updates, when available, apply to the latest tagged revision in this repository lineage maintained by ARPA Hellenic Logical Systems.

Please do not file public issues for undisclosed vulnerabilities.

Include:

We aim to acknowledge receipt within several business days. Coordinated disclosure is preferred.

Review these carefully before any internet-facing deployment:

Environment files: .env must remain untracked. If credentials were ever committed, rotate them everywhere they were reused.
kun.py: Contains database parameters, mail, wallet metadata, and soul signatures. Treat as confidential for production profiles.
AGENT_PRIVATE_KEY: Grants on-chain asset control. Compromise is irreversible without key rotation and fund migration.
web3_handler.py: Missing required Web3 variables causes exit() at import time (availability characteristic, not an access-control boundary).
Biometric authentication: Still-image face matching is not liveness-proof. DeepFace emotion classes are coarse heuristics, not clinical instrumentation. For a standalone gateway focused on facial recognition and emotion policy (and room to add liveness and service boundaries), evaluate Gatekeeper alongside this monolith’s in-process boot gate.
/read: Resolves operator-supplied paths on the host. Only open paths you trust.
Hugging Face /imagine: Requires HUGGINGFACE_API_KEY or HF_TOKEN in .env. Do not embed inference tokens in source.

Run on dedicated hardware with disk encryption.
Use least-privilege PostgreSQL roles per user profile.
Maintain offline backups separate from live keys.
Audit outbound network destinations (Ollama, ElevenLabs, OpenAI, Google, Yahoo Finance, NCBI, Hugging Face, RPC providers).

If a repository copy was public with real .env or kun.py secrets:

Rotate all API keys, SMTP passwords, Web3 keys, and database passwords that appeared in the leak.
Invalidate Hugging Face, OpenAI, Google, ElevenLabs, and explorer API tokens.
Regenerate wallet material if a private key was exposed.