AgentRouter runs coding agents that can execute commands and edit files inside sandboxed environments. Please treat credential handling, sandbox lifecycle, logs, and artifacts as security-sensitive surfaces.
AgentRouter is currently alpha. Security fixes target the main branch until the project starts publishing versioned releases.
Do not open a public issue for a vulnerability.
Until a dedicated security contact is published, please report privately to the repository owner through GitHub. Include:
- A description of the issue.
- Steps to reproduce.
- Affected commit or version.
- Whether credentials, logs, artifacts, or sandbox isolation are involved.
- Any suggested fix or mitigation.
Current self-hosted assumptions:
- AGENTROUTER_API_KEY protects the API.
- Provider keys stay server-side and are passed only to the provider process.
- Provider keys must not be copied into the general sandbox environment.
- Agent commands run inside Daytona sandboxes.
- Logs and artifacts may contain sensitive application data and should be stored in private buckets by default.
Hosted account management, hosted API keys, billing, hosted BYOK storage, and Cloud dashboard authentication are not part of this open-source repository.