Security: superagent-ai/PITHOS

docs/security.md

Security Model

PITHOS performs static repository review. The initial production scope does not run target application code, start services, run migrations, execute tests, or apply patches.

Repository Access

Local repositories and cloned GitHub repositories are mounted read-only inside the Pi agent container at /repo.

Agent Execution

PITHOS runs Pi inside a Docker-managed agent image. Docker is required. If a gVisor runtime is configured through the inherited sandbox environment, Docker uses it; otherwise Docker's default runtime is used.

Network Access

The agent needs outbound access to the selected Pi provider. Firecrawl credentials are forwarded only when FIRECRAWL_API_KEY or FIRECRAWL_API_URL is set.

Secrets

PITHOS redacts GitHub tokens from Git errors and does not write token-bearing remote URLs to disk. Provider API key environment variables are passed into the agent container when set. The --pi-config-dir option mounts only auth.json and models.json, both read-only.

Avoid running PITHOS from directories that contain unrelated secrets unless they belong to the repository being reviewed.
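
The following is an added example, not part of PITHOS or its documentation. It audits one container's `docker inspect` output against the claims above: a read-only /repo, read-only auth.json and models.json, and the runtime in use. It also lists the names of forwarded credential variables. The sample JSON, the in-container config paths, the `_API_KEY`/`_TOKEN` name suffixes and the gVisor runtime name `runsc` are assumptions.

```python
import json

# Constructed sample: trimmed `docker inspect <container>` output. Paths and
# values are illustrative assumptions, not output captured from PITHOS.
SAMPLE_INSPECT = json.dumps([{
    "HostConfig": {"Runtime": "runsc"},
    "Config": {"Env": ["PATH=/usr/bin", "FIRECRAWL_API_KEY=constructed-value"]},
    "Mounts": [
        {"Type": "bind", "Source": "/home/u/target", "Destination": "/repo", "RW": False},
        {"Type": "bind", "Source": "/home/u/.pi/auth.json", "Destination": "/pi/auth.json", "RW": False},
        {"Type": "bind", "Source": "/home/u/.pi/models.json", "Destination": "/pi/models.json", "RW": True},
    ],
}])

READ_ONLY_FILES = ("auth.json", "models.json")  # the files --pi-config-dir mounts


def audit(inspect_json, gvisor_runtime="runsc"):
    """Return findings for one container's `docker inspect` JSON.

    gvisor_runtime is the name gVisor is registered under in Docker; "runsc"
    is the conventional name and an assumption here.
    """
    info = json.loads(inspect_json)[0]
    findings = []
    mounts = info.get("Mounts") or []

    repo = [m for m in mounts if m.get("Destination") == "/repo"]
    if not repo:
        findings.append("no mount at /repo")
    elif any(m.get("RW") for m in repo):
        findings.append("/repo is writable")

    for m in mounts:
        name = m.get("Destination", "").rsplit("/", 1)[-1]
        if name in READ_ONLY_FILES and m.get("RW"):
            findings.append(f"{name} is mounted writable")

    runtime = (info.get("HostConfig") or {}).get("Runtime") or "default"
    if runtime != gvisor_runtime:
        findings.append(f"runtime is {runtime}, not {gvisor_runtime}")

    # Forwarding is expected when the variables are set; list names for review
    # and never print the values.
    for entry in (info.get("Config") or {}).get("Env") or []:
        key = entry.split("=", 1)[0]
        if key.startswith("FIRECRAWL_") or key.endswith(("_API_KEY", "_TOKEN")):
            findings.append(f"credential variable forwarded: {key}")
    return findings
```

Pipe real data in with `docker inspect <container>` while the agent container is running and pass the resulting JSON string to `audit()`.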

There aren't any published security advisories