Security & Privacy

OpenVesper is an open-source AI agent framework built on three commitments: zero data retention, no wallet key handling, and zero hidden telemetry. This page explains how each is enforced in code.

Zero data retention

OpenVesper does not collect, store, transmit, or retain any user data on our servers.

  • No telemetry. No usage analytics, no error reporting to us, no "anonymous metrics."
  • No phone-home. The runtime never contacts openvesper.com or any Vesper-controlled server.
  • No remote logging. Logs are local. We cannot see them. We never receive them.
  • No "cloud sync." Memory, conversations, agents, and configurations live exclusively on your machine.
  • No accounts. There is nothing to sign up for. We have no user database.
  • No prompt logging. Your prompts and the model's responses are never sent to us.

When you use OpenVesper:

  • Your LLM provider (Anthropic, OpenAI, etc.) sees your prompts. That is their privacy policy, not ours.
  • External APIs you configure (Telegram, Slack, etc.) see the data you choose to send them.
  • Your local disk stores memory, configurations, and logs only if you enable them.

Wallet key policy

OpenVesper NEVER asks for, stores, or uses your main wallet private key or seed phrase. For any feature.

This is a hard architectural rule:

  • No plugin in this repository reads a "main wallet private key" env var.
  • No bundled agent persona requests a seed phrase. If a bundled one does, that's a bug โ€” file a security issue. (Custom agents you author are your responsibility.)
  • No example, doc, or tutorial in this repository will instruct you to paste a main wallet key into .env.

No perpetual DEX trading bundled

OpenVesper does not bundle Hyperliquid, Lighter, Drift, or similar perpetual-DEX trading code by default. This is a packaging choice, not a hard restriction โ€” users can build their own trading plugins.

  1. Key management responsibility. Even scoped API credentials need careful handling. As an open-source project that anyone can fork and modify, we'd rather not be the bridge between an LLM-driven agent and your money.
  2. Focus. OpenVesper is for read-only analytics, research, and orchestration. Trading execution belongs in a separate, carefully audited tool.

Local data storage

When enabled, the following data is stored locally only at ~/.openvesper/:

DataLocationDefault
API keys, tokens~/.openvesper/.env (perm 0600)n/a โ€” you provide
Configuration~/.openvesper/openvesper.jsoncreated on first run
Memory~/.openvesper/workspace/memory.json (perm 0600)disabled
Conversations~/.openvesper/workspace/conversations/disabled
Agent files.agents/<name>/ in your projectn/a
Daily logs.agents/<name>/memory/YYYY-MM-DD.mddisabled
Cron state~/.openvesper/workspace/heartbeat.json (perm 0600)only if jobs added

Memory and conversation persistence are opt-in. TheMemoryManager defaults to enabled: false. The runtime never writes prompts or responses to disk unless you explicitly configure it.

Code-level enforcement

Permission flags on tools

Every mutating tool declares its permission requirement:

defineTool({
  name: "send_telegram_message",
  // ...
  permission: "mutation",  // โ† gates interactive confirmation
})

Filesystem sandbox

The filesystem plugin uses a safePath() guard that resolves the requested path and ensures it stays inside the workspace boundary. Path traversal attempts (.., symlinks out, absolute paths) are rejected.

Shell sandbox

The shell plugin blocks dangerous patterns (rm -rf /, fork bombs, mkfs, dd if=/dev, shutdown) and runs commands with timeouts.

HTTP security headers

The website ships with these headers on every response:

  • X-Content-Type-Options: nosniff
  • X-Frame-Options: DENY
  • Referrer-Policy: strict-origin-when-cross-origin
  • Permissions-Policy โ€” camera, microphone, geolocation disabled
  • Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
  • Content-Security-Policy โ€” strict, no inline eval

What stays on your machine

You can wipe all local state at any time:

# Trim memory to last 500 items
node apps/cli/dist/index.js memory compact

# Nuclear: wipe everything
rm -rf ~/.openvesper/workspace

Reporting security issues

If you find a security issue, please report it privately first:

  • Open a GitHub security advisory at github.com/openvesper/openvesper/security/advisories/new
  • Do not disclose publicly until we've had 14 days to respond

Audit your install

Because OpenVesper is open source, you can verify these claims yourself. A few specific things you can grep for:

# Check for hidden telemetry endpoints
grep -rn "analytics\|telemetry\|tracking" packages/

# Check for any HTTP POSTs to openvesper.com
grep -rn "openvesper.com" packages/ apps/

# Check for wallet key requests
grep -rn "private_key\|seed_phrase\|mnemonic" packages/

All three should return no production code matches (only the negative references in this docs).

What's next?