
Security: RitualChain/agent-os

SECURITY.md

Security Policy

Overview

Agent OS is an educational demo platform designed to teach AI agent concepts. This document outlines security considerations for both demo usage and any production adaptations.

Reporting Vulnerabilities

If you discover a security vulnerability, please report it responsibly:

  1. Do NOT open a public GitHub issue
  2. Email security concerns to the maintainers privately
  3. Include detailed steps to reproduce the issue
  4. Allow reasonable time for a fix before public disclosure

Security Measures Implemented

API Protection

  • Input Validation: All API endpoints use Zod schemas to validate incoming requests
  • Rate Limiting: Middleware limits requests to 20 per minute per IP address
  • Error Handling: Errors are sanitized before being returned to clients
  • Request Size Limits: Prompts limited to 10,000 characters, messages limited to 100 per request

HTTP Security Headers

The following security headers are configured via next.config.mjs:

Header                    Value                             Purpose
X-Frame-Options           DENY                              Prevents clickjacking attacks
X-Content-Type-Options    nosniff                           Prevents MIME-type sniffing
Referrer-Policy           strict-origin-when-cross-origin   Controls referrer information
X-XSS-Protection          1; mode=block                     XSS filter for legacy browsers
Permissions-Policy        Restrictive                       Disables camera, microphone, geolocation
Content-Security-Policy   Configured                        Restricts resource loading
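An added example, not the project's next.config.mjs: the six headers from the table in the `{ source, headers }` shape that the Next.js `headers()` config option returns, plus a defender-side audit function that compares what a deployed app actually sends against that list. The concrete Permissions-Policy and Content-Security-Policy values are assumptions (the table only says "Restrictive" and "Configured"); replace them with the project's own values.

```typescript
// Added example, not the project's configuration. The header names and the
// first four values come from the SECURITY.md table; the Permissions-Policy
// and CSP values below are assumed placeholders.
interface HeaderEntry { key: string; value: string }

const SECURITY_HEADERS: HeaderEntry[] = [
  { key: "X-Frame-Options", value: "DENY" },
  { key: "X-Content-Type-Options", value: "nosniff" },
  { key: "Referrer-Policy", value: "strict-origin-when-cross-origin" },
  { key: "X-XSS-Protection", value: "1; mode=block" },
  // Assumed: matches the description "disables camera, microphone, geolocation".
  { key: "Permissions-Policy", value: "camera=(), microphone=(), geolocation=()" },
  // Assumed placeholder; the real policy must list the app's script/style origins.
  { key: "Content-Security-Policy", value: "default-src 'self'; frame-ancestors 'none'" },
];

// The value a next.config.mjs `headers()` function would return: apply the
// whole set to every route.
function nextHeadersConfig(): { source: string; headers: HeaderEntry[] }[] {
  return [{ source: "/(.*)", headers: SECURITY_HEADERS }];
}

// Given the response headers a running deployment actually returns (header
// names are case-insensitive), list each expected header that is missing or
// carries a different value. An empty result means the deployment matches.
function auditResponseHeaders(actual: Record<string, string>): string[] {
  const byLowerName = new Map<string, string>();
  for (const [name, value] of Object.entries(actual)) {
    byLowerName.set(name.toLowerCase(), value.trim());
  }
  const problems: string[] = [];
  for (const { key, value } of SECURITY_HEADERS) {
    const got = byLowerName.get(key.toLowerCase());
    if (got === undefined) problems.push(`${key}: missing`);
    else if (got !== value) problems.push(`${key}: expected "${value}", got "${got}"`);
  }
  return problems;
}

// Constructed sample: what a misconfigured deployment might return.
const SAMPLE_RESPONSE_HEADERS: Record<string, string> = {
  "x-frame-options": "SAMEORIGIN",
  "x-content-type-options": "nosniff",
};
```

Running `auditResponseHeaders(SAMPLE_RESPONSE_HEADERS)` on the constructed sample reports the X-Frame-Options mismatch and the four headers that are absent; feeding it the headers captured from a real deployment (for example from a `fetch` response) turns the table into a repeatable post-deploy check.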

Environment Variables

  • Sensitive credentials are loaded from environment variables
  • .env.example provides a template without real values
  • .gitignore excludes .env* files (except .env.example)

Known Limitations (Demo Context)

This is an educational demo and has intentional limitations:

No Authentication

API endpoints are publicly accessible. For production use:

// Add authentication middleware
import { auth } from "@/lib/auth"

export async function POST(req: Request) {
  const session = await auth()
  if (!session) {
    return new Response("Unauthorized", { status: 401 })
  }
  // ... rest of handler
}

In-Memory Rate Limiting

The current rate limiter uses in-memory storage, which:

  • Resets on server restart
  • Doesn't work across multiple instances
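An added example, not the project's middleware, that makes both limitations concrete: a per-IP sliding-window limiter with the page's 20-requests-per-60-seconds budget held in a process-local `Map`. With an injectable clock the example shows that a second instance has no knowledge of the first instance's count and that a fresh instance (a restart) starts from zero. The class and function names, and the client IP, are constructed for the example.

```typescript
// Added example, not the project's own rate limiter. Budget (20 per minute
// per IP) is from SECURITY.md; everything else is constructed for illustration.
const LIMIT = 20;
const WINDOW_MS = 60_000;

class InMemoryRateLimiter {
  // ip -> timestamps of requests still inside the window; lives only in this process
  private hits = new Map<string, number[]>();
  // Clock is injectable so the window can be advanced deterministically.
  constructor(private now: () => number = () => Date.now()) {}

  // Returns whether this request is allowed and how much budget remains.
  limit(ip: string): { success: boolean; remaining: number } {
    const t = this.now();
    const recent = (this.hits.get(ip) ?? []).filter((ts) => t - ts < WINDOW_MS);
    if (recent.length >= LIMIT) {
      this.hits.set(ip, recent);
      return { success: false, remaining: 0 };
    }
    recent.push(t);
    this.hits.set(ip, recent);
    return { success: true, remaining: LIMIT - recent.length };
  }
}

// Walk through the two caveats listed above with a fake clock.
function demonstrateLimitations() {
  const ip = "203.0.113.7"; // constructed client address (documentation range)
  let clock = 0;
  const instanceA = new InMemoryRateLimiter(() => clock);
  const instanceB = new InMemoryRateLimiter(() => clock); // a second server process

  for (let i = 0; i < LIMIT; i++) instanceA.limit(ip); // spend the whole budget on A
  const blockedOnA = !instanceA.limit(ip).success;     // 21st request on A is refused
  const allowedOnB = instanceB.limit(ip).success;      // B has seen nothing from this IP

  clock += WINDOW_MS;                                  // the window slides past A's hits
  const allowedAfterWindow = instanceA.limit(ip).success;

  const afterRestart = new InMemoryRateLimiter(() => clock); // restart = empty Map
  const restartedAllows = afterRestart.limit(ip).success;

  return { blockedOnA, allowedOnB, allowedAfterWindow, restartedAllows };
}
```

Behind a load balancer, each instance effectively multiplies the budget by the number of instances, which is why the Redis-backed limiter below is the production recommendation: the counter lives in one shared store rather than in each process.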

For production, use Redis-based rate limiting:

import { Ratelimit } from "@upstash/ratelimit"
import { Redis } from "@upstash/redis"

// Same budget as the in-memory limiter (20 requests per 60 s), but the counter
// lives in Redis (credentials read from UPSTASH_REDIS_REST_URL / _TOKEN), so it
// is shared by every instance and survives restarts.
const ratelimit = new Ratelimit({
  redis: Redis.fromEnv(),
  limiter: Ratelimit.slidingWindow(20, "60 s"),
})

// In a route handler, key on the client identifier (e.g. IP) and refuse when
// the budget is spent:
// const { success } = await ratelimit.limit(ip)
// if (!success) return new Response("Too Many Requests", { status: 429 })

Optional Database

Database features are optional. When DATABASE_URL is not set:

  • The app runs without persistence
  • No data is stored between sessions

Production Deployment Checklist

Before deploying to production:

  • Set strong, unique ANTHROPIC_API_KEY
  • Configure DATABASE_URL with proper credentials
  • Set up Redis-based rate limiting (UPSTASH_REDIS_REST_URL, UPSTASH_REDIS_REST_TOKEN)
  • Add authentication (NextAuth.js, Clerk, Auth0, etc.)
  • Configure proper CORS if needed
  • Review and tighten Content Security Policy
  • Enable HTTPS only
  • Set up monitoring and alerting
  • Configure proper logging (without sensitive data)
  • Review all environment variables

Code Security Notes

dangerouslySetInnerHTML Usage

The components/ui/chart.tsx file uses dangerouslySetInnerHTML to inject CSS:

// SECURITY NOTE: This is safe because:
// 1. Content is generated from internal configuration only
// 2. No user input is ever included in the generated CSS
// 3. Values come from a predefined THEMES constant
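An added example, not the project's chart.tsx, showing the pattern the note describes and the guard that keeps it safe if the configuration ever stops being purely internal: CSS custom properties are generated only for the theme prefixes in a predefined `THEMES` constant, and every chart id, series key and colour value must match a strict allowlist before it is emitted. The `THEMES` values, the config shape and the function name are assumptions.

```typescript
// Added example, not the project's chart.tsx. THEMES values, the config
// shape and the allowlist patterns are assumed for illustration.
const THEMES = { light: "", dark: ".dark" } as const; // assumed selector prefixes
type ThemeName = keyof typeof THEMES;

interface SeriesConfig {
  label: string;
  color?: string;                       // one colour for every theme
  theme?: Record<ThemeName, string>;    // or a colour per theme
}
type ChartConfig = Record<string, SeriesConfig>;

// Identifiers that end up inside selectors or property names: letters, digits, dashes.
const SAFE_KEY = /^[a-z][a-z0-9-]{0,31}$/i;
// Colour values: hex, rgb()/hsl() with numeric arguments, or a CSS variable reference.
const SAFE_COLOR = /^(#[0-9a-f]{3,8}|(rgb|hsl)a?\([\d.% ,\/]+\)|var\(--[a-z0-9-]+\))$/i;

// Build the <style> body for one chart. Only the predefined theme prefixes are
// used as selectors, and every value is validated, so nothing that could close
// the style element or smuggle in a url() can reach the generated CSS.
function buildThemeCss(chartId: string, config: ChartConfig): string {
  if (!SAFE_KEY.test(chartId)) throw new Error("unsafe chart id");
  const blocks: string[] = [];
  for (const theme of Object.keys(THEMES) as ThemeName[]) {
    const prefix = THEMES[theme];
    const lines: string[] = [];
    for (const [key, series] of Object.entries(config)) {
      if (!SAFE_KEY.test(key)) throw new Error(`unsafe series key: ${key}`);
      const color = series.theme?.[theme] ?? series.color;
      if (color === undefined) continue;
      if (!SAFE_COLOR.test(color)) throw new Error(`unsafe color for ${key}`);
      lines.push(`  --color-${key}: ${color};`);
    }
    if (lines.length > 0) {
      const selector = `${prefix ? `${prefix} ` : ""}[data-chart=${chartId}]`;
      blocks.push(`${selector} {\n${lines.join("\n")}\n}`);
    }
  }
  return blocks.join("\n");
}

// Constructed sample config of the kind the note says is internal only.
const SAMPLE_CHART_CONFIG: ChartConfig = {
  desktop: { label: "Desktop", color: "#2563eb" },
  mobile: { label: "Mobile", theme: { light: "hsl(220 70% 50%)", dark: "hsl(220 70% 70%)" } },
};
```

The generated string is exactly what would be handed to `dangerouslySetInnerHTML`; the allowlist turns "no user input is ever included" from an assumption about callers into a property the function enforces.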

AI Model Configuration

The AI model identifier is hardcoded to prevent prompt injection attacks that might try to change the model.

Dependencies

Run regular security audits on dependencies:

# Check for vulnerabilities (add --audit-level=high to make CI fail on high/critical findings)
npm audit

# Update dependencies within the ranges declared in package.json
npm update

# Check for outdated packages
npm outdated

Additional Resources


Last updated: January 2026

There aren’t any published security advisories