security
Security & vulnerability disclosure
00 is local-first by design — your keys, messages, and files live on your own machines. We take the security of the app, the engine, and this site seriously, and we welcome good-faith security research.
How 00 is built
- ›Secrets are stored in an encrypted vault (AES-256-GCM), write-only to agents: they can see key names, never values. On macOS the master key lives in the Keychain.
- ›Agent tool execution is sandboxed (macOS Seatbelt): writes are contained to the agent's own workspace, and secret values are scrubbed from its environment.
- ›Remote access is closed by default. When enabled, every device must pair with an operator-approved code, and every request is signed with the device's own Ed25519 key — there are no bearer tokens to steal, and replays are rejected.
- ›Strangers who message your agents talk to an isolated public agent with per-conversation file isolation, kept away from your private workspace.
- ›Outgoing messages to untrusted contacts can be quarantined for your explicit approval before anything is sent.
Reporting a vulnerability
If you believe you've found a security vulnerability, please report it privately — don't open a public issue or post details before we've had a chance to fix it.
- ›Email [email protected] with [SECURITY] in the subject.
- ›Include what you found, the affected component (macOS app, headless engine, this website, or the download infrastructure), steps to reproduce, and the potential impact. Proof-of-concept code is welcome.
- ›Machine-readable contact details are published at /.well-known/security.txt (RFC 9116).
What to expect
- ›Acknowledgement within 48 hours, and an initial assessment within 7 days.
- ›We aim to ship a fix for confirmed issues within 90 days — usually much sooner, since releases are frequent. We'll keep you informed along the way.
- ›We follow coordinated disclosure: once a fix has shipped, you're welcome to publish your findings. We're happy to credit you in the changelog (or keep you anonymous — your call).
- ›00 is a free, independent project — there is no paid bug bounty, but reports are genuinely appreciated and always answered.
Safe harbor
We will not pursue legal action against researchers who: act in good faith, avoid privacy violations and destruction of data, only test against their own installations and accounts, do not exploit findings beyond what's needed to demonstrate them, and give us reasonable time to fix issues before public disclosure. Research conducted this way is considered authorized under applicable anti-hacking and anti-circumvention laws.
Scope
- ›In scope: the 00 macOS app, the 00 engine (including headless builds and its HTTP/WS API), the pairing and federation protocols, this website (0-0.chat), and the download/update infrastructure (dl.0-0.chat, updates.json integrity).
- ›Out of scope: volumetric denial-of-service, social engineering or phishing of individuals, physical attacks, issues in third-party services (Overblast, model providers, Cloudflare) — report those upstream — and vulnerabilities that require a compromised machine or that only affect an installation whose owner deliberately disabled protections (e.g. sandbox off, LAN exposed without pairing).