Security Notes
Trinity Lite is designed as a public, sanitized MVP. Treat it as a local development tool unless you harden it further.
Never Commit
.env- API keys, OAuth tokens, cookies, passwords
- private task databases
- personal memories or shell history
- machine-specific process reports
- private model gateway configuration
- retired runtime files such as
codeproxy.pidortrinity_learn.db-wal - provider API keys or endpoint URLs inside public agent examples
Built-In Safety
- Tasks cannot be delegated from an agent to itself.
- Delegation depth is capped at
2. - Task working directories must be inside allowed roots.
- Agent commands are JSON arrays and run with
shell=False. - Provider-specific API setup belongs in the CLI agent or a local wrapper, not in public config.
doctor --scan-root .checks for common private files, retired runtime artifacts, and likely secrets.doctor --runtime-root <dir> --retired-port <port>can check a long-running local runtime without committing it.
Allowed Roots
By default, task cwd must be inside $HOME. Override this only when needed:
export TRINITY_LITE_ALLOWED_ROOTS="$HOME/projects:/tmp/demo"
Public Release Checklist
Run before publishing:
python3 -m unittest discover -s tests -v
python3 -m compileall -q trinity_lite
trinity-lite doctor --scan-root .
git status --short
Then manually inspect:
- No
.env - No
.db,.sqlite,.log - No
codeproxy.pidortrinity_learn.db* - No real API keys
- No private provider endpoint URLs
- No hardcoded user home path
- No private task prompt or result history