Security Policy
The public AGILLM 4.3 path is designed for untrusted volunteer compute.
- Volunteers connect outbound over HTTPS.
- Volunteers do not receive SSH access, API keys, private hostnames, private checkpoint paths, or merge scripts.
- Lease artifacts are SHA-256 checked before execution.
- Result uploads land in quarantine.
- A trusted validator must accept an update before it can be merged.
- Public helpers should run with least privilege in a disposable work directory.
Report issues through GitHub issues or by contacting the trusted AGILLM operator directly.