Complete guide to VT Code's security documentation.
New to VT Code Security? Start here:
- Security Quick Reference - Security at a glance
- Security features overview
- Configuration instructions
- Best practices
- Incident response
- 5-layer security model summary
- Allowed/blocked commands
- Quick security checks
- Emergency response
- Complete security architecture
- Defense-in-depth layers
- Threat model
- Adding new commands safely
- Security testing procedures
- Current security posture
- Vulnerability analysis
- Testing checklist
- Recommendations
- Enterprise security controls
- Compliance considerations
- Deployment guidelines
- Command execution policies
- Approval workflows
- Policy configuration
Security Fix: Ripgrep Preprocessor
- Fixed HIGH severity vulnerability
- Ripgrep --pre flag argument injection
- Comprehensive test suite added
- Executive summary of security work
- Testing results
- Impact assessment
- Location: vtcode-core/src/execpolicy/mod.rs
- Documentation: Security Model - Layer 1
- Only 9 commands allowed: ls, cat, cp, head, printenv, pwd, rg, sed, which
- Location: vtcode-core/src/execpolicy/mod.rs
- Documentation: Security Model - Layer 2
- Per-command validators: Explicit flag allowlists, execution flag blocking
- Location: vtcode-core/src/execpolicy/mod.rs
- Documentation: Security Model - Layer 3
- Path validation: Normalization, symlink resolution, boundary checks
- Location: vtcode-core/src/sandbox/, vtcode-core/src/tools/bash_tool.rs
- Documentation: Security Guide - Sandbox
- Anthropic sandbox: Filesystem isolation, network allowlist
- Location: src/agent/runloop/unified/tool_routing.rs
- Documentation: Security Guide - Approval System
- Three-tier approval: Once, Session, Permanent
- Location: vtcode-core/tests/execpolicy_security_tests.rs
- Tests: 14 comprehensive security tests
- Run: cargo test -p vtcode-core --test execpolicy_security_tests
- Ripgrep preprocessor flags blocked
- Sed execution flags blocked
- Path traversal blocked
- Absolute paths outside workspace blocked
- Disallowed commands blocked
- Safe command usage allowed
- File: ~/.config/vtcode/tool_policy.toml
- Documentation: Tool Policies
- File: vtcode.toml
- Documentation: Configuration Guide
- File: vtcode.toml (sandbox section)
- Documentation: Security Guide - Sandbox
- File: ../README.md
- Security Section: Highlights 5-layer security model
- Badge: Security hardened badge
- File: ./README.md
- Security Section: Comprehensive security features list
- Links: All security documentation
- File: ./user-guide/getting-started.md
- Security Section: Security best practices for new users
- File: ../.kiro/steering/vtcode.md
- Security Section: Argument injection protection guidelines for agents
- CWE-88: Argument Injection
- GTFOBINS
- LOLBINS Project
- OWASP Command Injection
- Trail of Bits: Argument Injection in AI Agents
- Do Not Disclose Publicly - Report privately first
- GitHub Security Advisory - Use GitHub's security advisory feature
- Provide Details - Include reproduction steps
- Coordinate Disclosure - Allow time for fix
- GitHub: Security Advisories
- Email: See GitHub profile
- Fixed ripgrep --pre flag vulnerability (HIGH)
- Added comprehensive security test suite (14 tests)
- Created security documentation suite
- Updated README and docs with security highlights
- Added security architecture diagram
- Bash tool allowlist argument validation
- Compiler flag validation
- Build tool argument validation
- Expand sandbox usage
- Add fuzzing for validators
See Security Audit for detailed recommendations.
Documentation Version: 1.0
Last Updated: October 25, 2025
Security Model Version: 1.0