| Version | Supported |
|---|---|
| 1.0.x | yes |
| 0.1.0 (2025 legacy package) | no — retired, different product |
Email golla.sat@northeastern.edu with details and reproduction steps. You should receive a response within 72 hours. Please do not open public issues for security reports until a fix is released.
- Barx is local-first: no telemetry, no cloud, no hidden network
calls. Studio binds
127.0.0.1with a Host-header check and CSP. - Guard is not a sandbox. It observes/blocks documented seams only; do not rely on it to contain untrusted code.
- Secrets are redacted in stored evidence and prompts/responses are
hashed by default — but Barx evidence files inherit the
permissions of your filesystem; protect
.barx/like any build artifact. - The GitHub PR-comment helper contacts the GitHub API only when explicitly given a token in a pull-request context.
See docs/CLAIMS.md for the full honesty contract.