We provide security updates for the following versions:
| Version | Supported |
|---|---|
| 0.1.x | ✅ Yes |
| < 0.1 | ❌ No |
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them via email to security@pizenlabs.com.
Include the following information:
- Type of issue (e.g., buffer overflow, injection, privilege escalation)
- Full paths of source file(s) related to the issue
- Location of the affected source code (tag/branch/commit or URL)
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if available)
- Impact of the issue (what an attacker could achieve)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 5 business days
- Fix timeline: Communicated after assessment
- Disclosure: Coordinated with reporter
Izen is built with security as a foundational principle:
- No telemetry, no phone-home, no hidden network calls
- All AI inference via explicitly configured providers
- No data leaves your machine without explicit action
- Sandbox mode (default): Blocks destructive commands (
rm -rf,dd,mkfs, etc.) - Confirmation required: All shell commands require explicit user approval
- Command allowlist: Configurable permitted commands
- Timeout enforcement: All commands have hard timeouts
| Capability | Default | Scope | Revocable |
|---|---|---|---|
| File read | ✅ | Workspace | Yes |
| File write | ❌ (build mode) | Workspace | Yes |
| Shell exec | ❌ (build/investigate) | Configurable | Yes |
| Network | ❌ | Provider config only | Yes |
| Git operations | ✅ | Workspace | Yes |
| MCP servers | ❌ | Explicit enable | Yes |
- All mutations captured as unified diffs
- Git checkpoints before every write operation
undocommand reverts last patch- Audit log at
.izen/history.md
| Threat | Mitigation |
|---|---|
| Malicious AI output | Sandbox validation, confirmations, patch review |
| Supply chain | Vendored dependencies, go.sum, Cargo.lock pinned |
| Path traversal | Workspace-root validation, symlink resolution |
| Command injection | Shell=false, argument arrays, allowlist |
| Data exfiltration | Local-first, no background uploads |
| MCP server compromise | Explicit enable, schema validation, stdio isolation |
- All dependencies pinned and verified (
go mod verify,cargo audit) - CI runs
govulncheck,cargo audit,gosec,cargo clippy -D warnings - No
unsafein Go code; minimalunsafein Rust (FFI boundaries only) - Fuzzing on parsers (Tree-sitter queries, YAML config)
- Property-based testing on graph operations
We follow coordinated vulnerability disclosure:
- Reporter contacts security@pizenlabs.com
- We acknowledge within 48 hours
- We investigate and develop fix
- We coordinate release timeline with reporter
- Public advisory published after fix is available
We recognize researchers who responsibly disclose vulnerabilities:
(None yet — be the first!)
PGP Key: Available at keys.pizenlabs.com or via WKD at security@pizenlabs.com.