General documentation index: docs/DOCUMENTATION.md. API and capability setup (full tree): viki/SECURITY_docs/SETUP.md (available in the implementation checkout).
Security fixes are applied to the most recent minor release line.
| Version | Supported |
|---|---|
| 8.0.x | ✅ |
| 7.3.x | ✅ |
| < 7.3.0 | ❌ |
Please do not open a public GitHub issue for security vulnerabilities.
Use GitHub private vulnerability reporting:
- Open the Security tab of the Orythix/viki repository
- Click Report a vulnerability
Public documentation only (VIKI-public)
If you do not have access to the private implementation repo, report via the Security tab on Orythix/VIKI-public instead (same Report a vulnerability flow).
- A clear description of the issue and its impact
- Steps to reproduce (or a minimal proof-of-concept)
- Affected version, OS, and any relevant logs (with secrets redacted)
We aim to acknowledge reports within 48 hours and provide a remediation timeline within 7 days of triage. Coordinated disclosure is appreciated; we will credit reporters in the changelog if requested.
VIKI is designed with a defense-in-depth approach:
- Local-first execution — most operations run on-device to minimize external attack surface.
- Action validation — every skill execution is checked by
safety.validate_action(skill_name, params)before running. Prohibited patterns and admin-file access are blocked. - Path sandboxing — file operations (
filesystem_skill,dev_tools,whisper,pdf,data_analysis) are restricted to allowed roots (workspace_dir,data_dir). - Capability gating — high-risk skills (filesystem, shell) require explicit permission and are logged in
logs/viki.log. - API authentication — all REST endpoints require
VIKI_API_KEY. - Secret redaction — model output and logs redact API keys and tokens; user input and skill params are logged via
safe_for_log(). - Prompt injection mitigation — incoming prompts are sanitized against a blocklist of jailbreak-style phrases.
- Shell safety — commands containing
;,&&,||, or|require confirmation. Optional LLM security scan can be enabled viasystem.security_scan_requests. - Sandbox principles — shell and system commands are executed within restricted environments where possible.
- Secrets management — never commit
.envor operational secrets (VIKI_API_KEY,VIKI_ADMIN_SECRET) to version control. Generate withpython -c "import secrets; print(secrets.token_urlsafe(32))". - Default keys are dead — any
VIKI_API_KEYvalue found in old documentation or example files (e.g. the historicalREDACTED-OLD-KEY-ROTATE-VIKI_API_KEYplaceholder) is invalid. Always generate your own. - Model origin — only use trusted models from official sources (Ollama / Hugging Face) to mitigate prompt-injection or malicious-weight attacks.
- Log review — periodically review
logs/viki.logfor unauthorized capability-check attempts.
For setup details, see viki/SECURITY_docs/SETUP.md.
Runbook version: aligned with VIKI v8.0.0 (Industrial). Update this file when default ports, flags, or critical architecture patterns change.