OpenDray spawns pseudo-terminal (PTY) sessions that run AI coding CLIs (Claude Code, Codex, etc.) with the same privileges as the OpenDray process. A PTY is root-equivalent for the user running the server. This means:

• Any authenticated user can execute arbitrary commands on the host.
• The WebSocket terminal stream carries raw PTY I/O; intercepting it is equivalent to a shell session hijack.

Always run OpenDray behind authentication. It is not designed to be exposed to the public internet without a reverse proxy and TLS.

When JWT_SECRET is unset and the bind address is not loopback, OpenDray exits with a fatal error. This prevents accidental exposure without auth.

1. Reverse proxy -- Place OpenDray behind nginx, Caddy, or Traefik. Terminate TLS at the proxy.
2. TLS everywhere -- Never expose the WebSocket endpoint over plain HTTP on a network you do not fully control.
3. Firewall -- Restrict access to the OpenDray port. Only the reverse proxy should reach it.
4. JWT_SECRET -- Set a strong, random secret (>= 32 bytes). Rotate periodically.
5. Least privilege -- Run OpenDray as a dedicated non-root user. The PTY sessions inherit this user's permissions.
6. Database credentials -- Store DB_PASSWORD and other secrets in a secrets manager (HashiCorp Vault, SOPS, etc.), not in .env files committed to version control.

If you discover a security vulnerability in OpenDray, please report it responsibly:

• Email: security@opendray.dev
• GitHub Security Advisories: github.com/opendray/opendray/security/advisories

We will acknowledge your report within 48 hours and aim to provide a fix or mitigation within 7 days for critical issues.

Please do not open a public GitHub issue for security vulnerabilities.

No CVEs have been assigned as of v0.1.0.