Security: dark-builders/darq

SECURITY.md

Security policy

darq spawns ACP coding agents that can read and write within their workspace, shell out to git and gh, and merge PRs to GitHub. Treat any host running darq daemon as a system that can modify your repos.

Reporting a vulnerability

Email doga@oztuzun.co with details. Please do not file public GitHub issues for security-impacting reports.

We aim to acknowledge within 72 hours and to ship a fix or mitigation within 14 days for high-severity findings.

Scope

In scope:

  • Daemon socket protocol (~/.darq/daemon.sock) — auth, message validation, sandboxing
  • ACP agent interaction — permission handling, file access boundaries, command injection
  • Workflow engine — workspace path traversal, artifact write paths
  • Learning store — vector-DB poisoning that biases future agent behaviour

Out of scope:

  • Vulnerabilities in third-party agent binaries (opencode, claude-code, etc.) — please report upstream.
  • LLM jailbreaks or prompt-injection of the agent itself — these are inherent to the medium and tracked as design constraints, not security bugs.

There aren't any published security advisories