Rivet is early-stage and has not published a stable release yet. Security review currently applies to the main branch on a best-effort basis.
No stable security boundary is promised at this stage.
| Version | Supported |
|---|---|
main / master before a stable release |
Best effort |
| Stable releases | Not available yet |
Please do not open public issues for suspected vulnerabilities involving:
- credentials or tokens;
- command execution;
- local file access;
- provider request or response data;
- transcript or persisted session data;
- extension or tool execution behavior.
Use GitHub private vulnerability reporting when it is available. If it is not available, contact the maintainer privately before sharing sensitive details in public.
Do not include real API keys, private transcripts, provider payloads, or unredacted local paths in public issues.
Rivet is a local-first, single-user tool. It is not a sandbox.
Enabled tools may read files, write files, access the network, or run commands according to their contracts and approvals. Treat tool, workflow, and future extension execution as trusted local automation unless documentation explicitly states otherwise.
Permission and approval controls are product safety controls. They should make important actions visible and reviewable, but they are not a hard operating system isolation boundary.
Live provider use sends selected model input to the configured provider. Use deterministic scenario mode for offline reproduction and testing whenever possible.
Future Rivet Control features are intended to explain and prepare configuration or control changes through Rivet-owned surfaces. Rivet Control should not be treated as a security boundary, sandbox, or autonomous administrator. Meaningful control changes should remain visible, reviewable, and subject to normal permission and confirmation rules.
- Do not commit secrets to the repository.
- Do not paste API keys, private transcripts, or provider request bodies into issues or pull requests.
- Redact provider payloads and local machine paths before sharing diagnostics.
- Rotate any credential that may have been exposed.
- Prefer deterministic scenario-mode reproductions over live-provider logs.
Rivet does not yet have a formal security SLA. Reports will be handled on a best-effort basis until stable releases and a public support model exist.