
Security: amintikk/codex-telegram


SECURITY.md

Security Policy

Scope

This project runs Codex through Telegram and can be configured with broad host and Docker access. Treat it as a privileged automation surface.

Security reports are especially important for issues involving:

  • Telegram authentication or chat authorization bypass
  • credential disclosure or insecure secret handling
  • unsafe host shell execution
  • unsafe Docker socket or filesystem access
  • cross-chat data exposure in shared or per_chat modes
  • arbitrary file read/write outside the intended workspace

Supported versions

Security fixes are best-effort for the latest code on the default branch. Older snapshots may not receive backports.

Reporting a vulnerability

Please do not open public issues for vulnerabilities.

Use GitHub private vulnerability reporting if it is enabled for this repository. If it is not enabled, contact the maintainer privately through GitHub first and share only the minimum details needed to establish contact.

Include:

  • affected version or commit
  • deployment mode and relevant config
  • clear reproduction steps
  • impact assessment
  • whether the issue is already being exploited

Please redact tokens, chat IDs, secrets, and host-specific paths whenever possible.

Response approach

The maintainer will aim to:

  • acknowledge the report within a reasonable time
  • confirm scope and impact
  • prepare a fix or mitigation
  • coordinate disclosure once users have a fair chance to update

Operator hardening

For safer deployments:

  • restrict TELEGRAM_ALLOWED_CHAT_IDS to the exact chat IDs that need access; an empty or overly broad allow-list lets any chat drive the bot
  • prefer CODEX_AUTH_MODE=per_chat so that one chat's Codex session and credentials are not shared with other chats
  • pin versions when stability matters
  • mount only the paths, and pass only the flags, that the deployment actually needs
  • review HOST_SHELL_MODE, CODEX_EXTRA_ARGS, privileged container settings, and Docker socket exposure carefully: each one widens what a compromised or misused bot can do on the host
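As an added example (not part of the codex-telegram project), the script below checks an operator's .env and docker-compose.yml against the points in the list above and prints one finding per line. Only the variable names come from this policy; the .env and compose layout, treating per_chat as the expected auth mode, and flagging any non-empty HOST_SHELL_MODE or CODEX_EXTRA_ARGS for manual review are assumptions made for the example, and the sample configs it writes are constructed, not taken from a real deployment.

```bash
#!/usr/bin/env bash
# Added example for the hardening list in this policy; not codex-telegram code.
# Assumptions: settings live in a .env file as KEY=VALUE, the container is
# described by a docker-compose.yml, per_chat is the mode to expect, and any
# non-empty HOST_SHELL_MODE / CODEX_EXTRA_ARGS deserves a manual look.

# Return the last KEY=VALUE assignment for $2 in file $1, minus surrounding quotes.
env_get() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 \
    | sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'$/\1/"
}

# Lint the .env. Prints findings; the return value is the number of findings,
# so a deploy script can gate on it (0 means nothing to fix).
audit_env() {
  local file="$1" n=0
  local allowed auth_mode shell_mode extra_args
  allowed=$(env_get "$file" TELEGRAM_ALLOWED_CHAT_IDS)
  auth_mode=$(env_get "$file" CODEX_AUTH_MODE)
  shell_mode=$(env_get "$file" HOST_SHELL_MODE)
  extra_args=$(env_get "$file" CODEX_EXTRA_ARGS)

  # The allow-list must exist and hold only integer Telegram chat IDs
  # (group and supergroup IDs are negative). Anything else widens access.
  if [ -z "$allowed" ]; then
    echo "FAIL   TELEGRAM_ALLOWED_CHAT_IDS is empty: list the exact chat IDs that may use the bot"
    n=$((n + 1))
  elif ! printf '%s' "$allowed" | grep -Eq '^-?[0-9]+(,-?[0-9]+)*$'; then
    echo "FAIL   TELEGRAM_ALLOWED_CHAT_IDS is not a comma-separated list of integers: $allowed"
    n=$((n + 1))
  fi

  # per_chat keeps one chat's Codex state from being visible to another.
  if [ "$auth_mode" != "per_chat" ]; then
    echo "WARN   CODEX_AUTH_MODE=${auth_mode:-<unset>}: prefer per_chat to avoid cross-chat exposure"
    n=$((n + 1))
  fi

  # Host shell and extra Codex flags are privilege knobs; surface them for review.
  if [ -n "$shell_mode" ]; then
    echo "REVIEW HOST_SHELL_MODE=$shell_mode: confirm host shell execution is really needed"
    n=$((n + 1))
  fi
  if [ -n "$extra_args" ]; then
    echo "REVIEW CODEX_EXTRA_ARGS=$extra_args: confirm none of these widen sandbox or approval settings"
    n=$((n + 1))
  fi
  return "$n"
}

# Lint the compose file for the container-side items: privileged mode,
# Docker socket mounts, and unpinned images (no tag, or :latest).
audit_compose() {
  local file="$1" n=0
  if grep -Eq '^[[:space:]]*privileged:[[:space:]]*true' "$file"; then
    echo "FAIL   privileged: true gives the container full access to host devices"
    n=$((n + 1))
  fi
  if grep -q '/var/run/docker.sock' "$file"; then
    echo "FAIL   Docker socket is mounted: the container can start root containers on the host"
    n=$((n + 1))
  fi
  if grep -Eq '^[[:space:]]*image:[[:space:]]*["'"'"']?([^:[:space:]"'"'"']+|.*:latest)["'"'"']?[[:space:]]*$' "$file"; then
    echo "WARN   image is unpinned: pin a version tag or digest when stability matters"
    n=$((n + 1))
  fi
  return "$n"
}

# Constructed sample configs with every weak setting present, for demonstration.
write_samples() {
  cat > "$1" <<'EOF'
TELEGRAM_ALLOWED_CHAT_IDS=
CODEX_AUTH_MODE=shared
HOST_SHELL_MODE=enabled
CODEX_EXTRA_ARGS="--example-flag"
EOF
  cat > "$2" <<'EOF'
services:
  bot:
    image: ghcr.io/example/codex-telegram:latest
    privileged: true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
EOF
}

case "${1:-}" in
  --demo)   # audit the constructed samples
    tmp=$(mktemp -d)
    write_samples "$tmp/.env" "$tmp/docker-compose.yml"
    audit_env "$tmp/.env" || true
    audit_compose "$tmp/docker-compose.yml" || true
    rm -rf "$tmp" ;;
  "") ;;    # no arguments: just define the functions (e.g. when sourced)
  *)        # audit_config.sh path/to/.env [path/to/docker-compose.yml]
    audit_env "$1" || true
    if [ -n "${2:-}" ]; then audit_compose "$2" || true; fi ;;
esac
```

Run it as `bash audit_config.sh --demo` to see all seven findings against the constructed samples, or `bash audit_config.sh .env docker-compose.yml` against a real deployment; the functions return the finding count so a deploy step can `source` the script and refuse to start the bot unless `audit_env .env` returns 0.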

There aren't any published security advisories