Security

Last updated: 2 June 2026

Local-first by design

SelfAgent runs on your own device or server. There is no central SelfAgent cloud holding your data. Your conversations, files, and credentials stay on your machine.

Credentials

API keys and tokens are stored locally; secret credentials are encrypted at rest (vault) where supported and are never displayed back in full or transmitted to the SelfAgent project. Each install uses only the keys you enter.

Approval gates

Sensitive actions (sending messages, deleting data, running shell commands, spending money, etc.) are gated and require your approval, helping prevent unintended autonomous actions.

Your responsibilities

Unsigned builds

Desktop builds are currently unsigned, so Windows SmartScreen / macOS Gatekeeper may warn on first run. This is expected for a free, independent project — verify you downloaded from the official source before running.

Reporting a vulnerability

Found a security issue? Please report it responsibly through the project's GitHub (security advisory or a private issue) linked from About. Do not disclose publicly until it is addressed.

No warranty

Security is a shared responsibility and the Software is provided "as is" with no warranty. See the Terms.