Security Overview
Implemented safeguards, known limits and the route for responsible security reports.
Effective 10 July 2026 · Policy 2026-07-10.v1 · Draft pending counsel review
Tenant runtime
Each active tenant uses a separate non-privileged container without Docker socket access. Tenant state is isolated under its own persistent data path and attachments first enter a bounded noexec tmpfs quarantine.
Content safeguards
The managed image uses versioned narrow detectors at inbound text, model-request, tool-call and state-database boundaries. Supported PDFs, images and office documents receive bounded local extraction. Basic beta malware checks are not a replacement for the shared ClamAV service required before public production.
Secrets
Platform integration credentials are encrypted and are not written to Hermes memory or workspace. Model-provider credentials required by the agent follow the documented managed runtime flow.
Limitations
No detector guarantees perfect identification. Terminal or generated-file paths, unsupported encodings, external-provider retention and unverified backup deletion remain documented residual risks.
Report a vulnerability
Security reports may be sent to security@links.academy. Response targets, safe-harbor language and the complete disclosure policy remain release-blocking items.