This project is a research proof-of-concept. Only the latest commit on the default branch (main) and the active development branch receive security attention.
| Branch | Supported |
|---|---|
| main | ✅ |
| core/architecture | ✅ |
| Older branches | ❌ |
Please do not open a public GitHub issue for security vulnerabilities.
To report a vulnerability, please:
- Open a private security advisory on GitHub (preferred).
- Or send an email to the address listed on the repository owner's GitHub profile.
Include as much of the following information as possible:
- A description of the vulnerability and its potential impact
- Steps to reproduce the issue
- Affected versions / branches
- Any suggested fix or mitigation
You can expect an acknowledgement within 72 hours and a status update within 7 days.
RawLLM supports two plugin sandbox backends:
- `SANDBOX_BACKEND=subprocess` (legacy)
- `SANDBOX_BACKEND=docker` (recommended)
When the docker backend is enabled, untrusted plugins run as `rawllm-plugin` with:
- read-only root filesystem
- network disabled (`--network none`)
- dropped capabilities + `no-new-privileges`
- isolated volumes only:
  - workspace (rw)
  - core_repo snapshot (ro)
  - plugin_store snapshot (ro)

The orchestrator process remains under `rawllm-core`.
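As an added illustration (not the project's own launcher code), the following POSIX shell builds a `docker run` argument list that matches the sandbox properties above and checks that none of them has been dropped. The image tag, host paths and container mount points are assumptions; the `rawllm-plugin` user must exist inside the image.

```shell
#!/bin/sh
# Added example, not part of RawLLM. Values below are assumed placeholders.
PLUGIN_IMAGE="${PLUGIN_IMAGE:-rawllm-plugin-sandbox:latest}"              # assumed tag
WORKSPACE_DIR="${WORKSPACE_DIR:-/srv/rawllm/workspace}"                    # assumed path
CORE_SNAPSHOT="${CORE_SNAPSHOT:-/srv/rawllm/snapshots/core_repo}"          # assumed path
STORE_SNAPSHOT="${STORE_SNAPSHOT:-/srv/rawllm/snapshots/plugin_store}"     # assumed path

# Print the docker arguments one per line (does not execute docker).
# Run with:  sandbox_run_args my_plugin | xargs docker   (paths must not contain spaces)
sandbox_run_args() {
    plugin_name="$1"
    cat <<EOF
run
--rm
--name=rawllm-plugin-${plugin_name}
--user=rawllm-plugin
--read-only
--network=none
--cap-drop=ALL
--security-opt=no-new-privileges
--mount=type=bind,source=${WORKSPACE_DIR},target=/workspace
--mount=type=bind,source=${CORE_SNAPSHOT},target=/core_repo,readonly
--mount=type=bind,source=${STORE_SNAPSHOT},target=/plugin_store,readonly
${PLUGIN_IMAGE}
EOF
}

# Verify that an argument list still carries every hardening property listed
# in the policy. Returns 0 when all are present, 1 (with a reason on stderr)
# when any has been removed or a snapshot mount has lost its readonly flag.
check_sandbox_args() {
    args="$1"
    for needed in --read-only --network=none --cap-drop=ALL \
                  --security-opt=no-new-privileges \
                  "target=/core_repo,readonly" "target=/plugin_store,readonly"; do
        case "$args" in
            *"$needed"*) ;;
            *) echo "sandbox policy violated: missing $needed" >&2; return 1 ;;
        esac
    done
    return 0
}
```

Run the check before every launch so a configuration drift (for example an edited compose file that re-enables networking) is caught by the orchestrator rather than discovered after a plugin has run.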
Residual risk: this project is still a research POC and should be deployed only in controlled environments. Validate your container runtime hardening settings and image supply chain before production use.