If you discover a security vulnerability in TogetherOS, please report it responsibly:
Email: security@coopeverything.org
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact assessment
- Any suggested fixes (optional)
Response time: We aim to respond within 48 hours.

| Version | Supported |
|---|---|
| main | ✅ |
| yolo | ✅ |

TogetherOS implements several security measures:
- Code Scanning: GitHub CodeQL analyzes code for vulnerabilities
- Secret Scanning: Automated detection of committed secrets
- Dependency Scanning: Dependabot monitors for vulnerable dependencies
- Dual-bot PR Review: Codex + Copilot review all code changes
- Error Tracking: Sentry monitors production errors
- Health Monitoring: Automated health checks with rollback capability
TogetherOS is privacy-first:
- No raw prompts stored
- IP hashing for logs
- PII redaction in audit trails
- Append-only NDJSON logs for transparency
For more details, see our Privacy Documentation.