We take security seriously. If you discover a security vulnerability in bc, please report it responsibly.

1. GitHub Security Advisories (Preferred): Use GitHub's Security Advisory feature to report vulnerabilities privately.

2. Email: Send details to the repository maintainers via GitHub.

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Any suggested fixes (optional)

• Acknowledgment: Within 48 hours
• Initial Assessment: Within 7 days
• Resolution Timeline: Depends on severity
  • Critical: 24-48 hours
  • High: 7 days
  • Medium: 30 days
  • Low: 90 days

1. Report received and acknowledged
2. Vulnerability confirmed and assessed
3. Fix developed and tested
4. Security advisory published with fix
5. Public disclosure after patch is available

This policy applies to:

• The mycel CLI tool (cmd/mycel, internal/cmd, pkg/)
• The bcd server (server/) including the REST API, WebSocket, and MCP SSE endpoints
• The TUI interface (tui/)
• The web dashboard (web/) embedded in bcd
• Docker agent images (docker/, Dockerfile.agent)
• Agent communication protocols (channels, MCP)
• Secret storage and injection (pkg/secret)
• Configuration and credential handling (.bc/, settings.json)

• Issues in third-party dependencies (report to upstream)
• Social engineering attacks
• Physical security issues

bc stores secrets in an encrypted, per-workspace store under .bc/secrets/. Secrets are injected into agent sessions at startup via environment variables and are never written to disk in plaintext. Use bc secret set to manage secrets instead of placing them in .env.

Sensitive patterns (API keys, tokens, DSNs) are redacted from WebSocket streams by the bcd server before reaching the web dashboard.

Each agent runs in its own tmux session (local) or Docker container (production) with a dedicated git worktree. Agents communicate only through the bcd API and SQLite-backed channels -- never via shared filesystem state.

• All agent images run as a non-root user
• Base images are pinned to specific versions (never :latest)
• Containers use bridge networking (not --net=host)
• HEALTHCHECK directives are included in production images

• The bcd server binds to localhost:9374 by default
• CORS, request body size limits, and rate limiting are enforced
• MCP SSE endpoints identify the calling agent via query parameter (?agent=<name>)

• golangci-lint with strict security linters (gosec, errcheck, noctx)
• govulncheck runs on every push to main
• Dependabot monitors Go and npm dependencies

When using bc:

• Keep bc updated to the latest version
• Store API keys and tokens via bc secret set, not in .env or shell history
• Review agent prompts and role definitions before execution
• Use environment variables for sensitive data (never hardcode)
• Restrict agent capabilities to the minimum required via role definitions
• Monitor agent costs and set appropriate budgets
• Run agents in Docker runtime for production workloads (stronger isolation)
• Audit .bc/agents/ directory periodically for stale worktrees