Vulnerability Daemon is designed as a local operator tool, not a hosted service.
- The HTTP server must bind to
127.0.0.1. - Source folders are read from local disk.
- Run artifacts are written to
output_dir. - Agent CLIs are spawned as local child processes.
- Review state is stored locally in
reviews.json.
The local user is trusted to read audit reports and source code. Other users on the same machine may be able to inspect process arguments or files depending on OS permissions.
The configured agent CLI is trusted to process prompts and source access according to its own model. Vulnerability Daemon does not sandbox the agent beyond passing read-only instructions and, for Codex, read-only sandbox flags.
The following files may contain sensitive data:
prompt.mdreport.mdfindings.jsonresults.sarifagent.stdout.logagent.stderr.logreviews.json
Treat the full output_dir as confidential.
Webhook payloads include finding titles, target names, run metadata, and selected finding fields. Do not configure a webhook unless the destination is approved for vulnerability information.
- Multi-user authentication
- Cloud storage
- Remote repository cloning
- Hosted scheduling
- Secret scanning guarantees
These may be added later behind explicit configuration.