
Security: AirspaceTechnologies/hoopoe


SECURITY.md

Security Policy

Supported Versions

We release patches for security vulnerabilities for the following versions:

Version   Supported
0.1.x     Yes

Reporting a Vulnerability

We take the security of Hoopoe seriously. If you believe you have found a security vulnerability, please report it to us as described below.

How to Report

For security vulnerabilities, please use private reporting:

  • Preferred method: Open a private security advisory on GitHub by going to the Security tab and clicking "Report a vulnerability"
  • For non-critical bugs or feature requests: Use regular public GitHub issues

Please include the following information in your report:

  • Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
  • Full paths of source file(s) related to the manifestation of the issue
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit it

Response Timeline

  • We will acknowledge receipt of your vulnerability report within 3 business days
  • We will provide a more detailed response within 7 days indicating the next steps
  • We will keep you informed of the progress towards a fix and disclosure
  • We may ask for additional information or guidance

Disclosure Policy

  • Security issues will be fixed as soon as possible
  • Security advisories will be published after fixes are released
  • We follow responsible disclosure practices

Security Considerations for Users

Configuration Security

  1. API Keys and Credentials: Never commit .mcp.json or any files containing API keys or credentials to version control. These files are already included in .gitignore.

  2. Worktree Paths: The worktree parameter in URLs is base64-encoded for URL compatibility, not for security. Always run the server on localhost only to prevent unauthorized access.

  3. Codex Access: This tool provides programmatic access to Codex CLI. Ensure your Codex CLI is properly configured with appropriate permissions and that you understand what commands the tool can execute.

  4. Sandbox Settings: Be aware of the sandbox mode you're using:

    • read-only: Safest, cannot modify files
    • workspace-write: Can modify files in the workspace
    • danger-full-access: Full system access - use with caution

Network Security

  • The HTTP server binds to localhost:8957 by default
  • Do not expose this server to public networks without proper authentication
  • The server spawns Codex subprocesses with full system access within the configured sandbox

Dependencies

  • Regularly update dependencies using uv sync
  • Review the uv.lock file for dependency changes
  • Be aware that this tool depends on external services (Codex CLI, OpenAI APIs)

Known Limitations

  1. Base64 Encoding: The worktree parameter uses base64 encoding for URL compatibility, not security. It can be trivially decoded.

  2. Local-Only Security: This server is designed for localhost use only. Running it on a network-accessible interface would expose it to potential attacks.

  3. Subprocess Management: The server spawns Codex subprocesses. Ensure you trust the code being executed and the repositories being accessed.
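The loopback-only binding, the three sandbox modes and the reversible worktree encoding described in the Network Security and Known Limitations sections, as an added Python example written for this page (not Hoopoe's own code): a startup check that refuses non-loopback bind hosts, flags danger-full-access, and confines the decoded worktree parameter to an allowed root. The URL-safe base64 alphabet, the allowed-root confinement and every function name here are assumptions.

```python
import base64
import binascii
import ipaddress
from pathlib import Path
from typing import List, Optional

# Sandbox modes named in the policy, least to most privileged.
SANDBOX_MODES = ("read-only", "workspace-write", "danger-full-access")


def is_loopback_bind(host: str) -> bool:
    """True only if the server would listen on a loopback interface."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # hostnames other than localhost are not trusted blindly


def decode_worktree(param: str, allowed_root: Path) -> Optional[Path]:
    """Decode the base64 worktree URL parameter and confine it to allowed_root.

    Base64 is reversible, so the decoded value is untrusted input: it must
    resolve to a path inside allowed_root (assumed policy), or None is returned.
    """
    try:
        padded = param + "=" * (-len(param) % 4)  # tolerate stripped padding
        decoded = base64.urlsafe_b64decode(padded).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    root = allowed_root.resolve()
    # An absolute decoded path replaces root here, so the containment check
    # below rejects it just like a "../" traversal.
    candidate = (root / decoded).resolve()
    if candidate == root or root in candidate.parents:
        return candidate
    return None


def check_startup(host: str, sandbox: str) -> List[str]:
    """Return policy findings for a bind host and sandbox mode; [] means OK."""
    findings = []
    if not is_loopback_bind(host):
        findings.append(f"bind host {host!r} is not loopback; server would be network-reachable")
    if sandbox not in SANDBOX_MODES:
        findings.append(f"unknown sandbox mode {sandbox!r}")
    elif sandbox == "danger-full-access":
        findings.append("sandbox 'danger-full-access' grants Codex full system access")
    return findings
```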

Attribution

If you have contributed to the security of this project, we would like to acknowledge your contribution. Please let us know if you would like to be credited in our security acknowledgments.
