| Version | Supported |
|---|---|
| 2.x | Yes |
| 1.x | Critical fixes only |
Please do not open a public GitHub issue for security vulnerabilities.
Instead, send a report to: security@[your-domain] (or use GitHub's private vulnerability reporting under the Security tab).
Include:
- A description of the vulnerability
- Steps to reproduce it
- What information or systems it could expose
- Your suggested fix, if you have one
You'll receive an acknowledgment within 48 hours. If the vulnerability is confirmed, a fix will be issued within 14 days for critical issues.
SAGE is a read-only research tool. It is designed with the following security properties:
- Never sends source code to external APIs. The arXiv API only receives search query strings — never file contents, function bodies, or identifiers from your codebase.
- Never modifies source code. SAGE writes only to
TECHNIQUES.md,PAPERS.md,SUMMARIES.md,GAPS.md, andRELATED_WORK.md. This is enforced inRULES.md. - Never stores credentials. LLM API keys are passed via environment variables and are never written to disk.
- Never executes code from the target repo. Analysis is purely AST-based via GitNexus.
- Queries the public arXiv API (no authentication required) with text search strings derived from detected technique names.
- Runs
npx gitnexus@1.5.3as a subprocess to build an AST knowledge graph of the local codebase. - Calls an LLM provider (Groq, OpenAI, Anthropic, or custom) to reason over the analysis results.
- LLM key exposure: Your API key is passed via environment variable. Do not commit
.envfiles. The HuggingFace Space uses Space Secrets — never hard-code keys. - Prompt injection via code comments: A malicious repo could contain comments designed to manipulate the agent's analysis. SAGE's
RULES.mdlimits what the agent is allowed to do, but users should be aware of this risk when running SAGE against untrusted third-party repos. - arXiv API rate limiting: Sending too many queries too quickly can result in temporary IP blocks from the arXiv API. SAGE limits itself to ≤15 queries per pipeline run with a 1-second delay between calls.
gitnexus@1.5.3is pinned by version. Verify the package integrity if you are running in a sensitive environment.- Python dependencies are declared in
pyproject.toml. Runuv lock --checkto verify the lockfile is up to date.
The public demo at huggingface.co/spaces/guglxni/SAGE-GitAgent-Demo is a shared environment. Do not enter sensitive API keys into the public Space. Use your own private deployment for sensitive codebases.