Security
How to report a security vulnerability in Meshfleet, what's in scope, and what we promise about response times.
Reporting a vulnerability
Do not open a public GitHub issue for security vulnerabilities.
Email security@meshfleet.app (or john@meshfleet.app if the security inbox isn't set up yet). For sensitive reports you can also open a private GitHub security advisory.
Include:
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Your name / handle (optional, for credit)
We aim to acknowledge within 48 hours and ship a fix within 7 days for critical issues.
Supported versions
Security fixes are backported to the latest minor version. Older versions are not patched.
| Version | Supported | Notes |
|---|---|---|
| 0.8.x | ✓ | Latest series — full security support |
| 0.7.x | ✓ | Critical fixes backported |
| 0.6.x | ✓ | Critical fixes backported |
| 0.3.x – 0.5.x | ~ | Best-effort; upgrade recommended |
| < 0.3 | ✗ | Unsupported |
What we consider a security issue
- Code execution from untrusted input — path traversal in the ledger, command injection in spawned agents, template import (v0.8.6) bypassing validation
- Privilege escalation via the MCP transport — anyone who can talk to the stdio socket runs code as you
- Information disclosure in the ledger — `agent-mesh.json` is plain text and may contain agent output. Don't share it without scrubbing.
- Supply-chain attacks against dependencies (we currently depend on `@modelcontextprotocol/sdk`)
- SSE server exposure (v0.7.0) — bind is `127.0.0.1` by default; do not expose port 13579 to the network
What is NOT a security issue
- ✓ Local-only code execution — this is an MCP server that spawns `opencode run`. By design it runs code on your machine. The trust boundary is your local environment.
- ✓ Lack of authentication — the mesh assumes a trusted local environment. The MCP stdio transport is the trust boundary. If you need auth, run OpenCode on a single-user machine and lock the socket.
- ✓ Agent prompts reading your files — by design, agents see the codebase you're working on. Don't point them at secrets.
Acknowledgments
Researchers who report valid issues get credited (with permission) in the release notes and a sponsor shoutout if you'd like. No paid bug bounty program yet — this is a small project.
A note on our security model
Meshfleet is designed so that a compromised MCP server has the same power as the user running it. This is the same trust model as `opencode run` itself, the Claude Code CLI, or any other local AI agent. We don't try to sandbox agents — we give the user clear visibility into what agents are doing (the dashboard TUI, the event log) and let them decide.