Security & Privacy
OpenVesper is an open-source AI agent framework built on three commitments: zero data retention, no wallet key handling, and zero hidden telemetry. This page explains how each is enforced in code.
Zero data retention
OpenVesper does not collect, store, transmit, or retain any user data on our servers.
- No telemetry. No usage analytics, no error reporting to us, no "anonymous metrics."
- No phone-home. The runtime never contacts
openvesper.comor any Vesper-controlled server. - No remote logging. Logs are local. We cannot see them. We never receive them.
- No "cloud sync." Memory, conversations, agents, and configurations live exclusively on your machine.
- No accounts. There is nothing to sign up for. We have no user database.
- No prompt logging. Your prompts and the model's responses are never sent to us.
When you use OpenVesper:
- Your LLM provider (Anthropic, OpenAI, etc.) sees your prompts. That is their privacy policy, not ours.
- External APIs you configure (Telegram, Slack, etc.) see the data you choose to send them.
- Your local disk stores memory, configurations, and logs only if you enable them.
Wallet key policy
OpenVesper NEVER asks for, stores, or uses your main wallet private key or seed phrase. For any feature.
This is a hard architectural rule:
- No plugin in this repository reads a "main wallet private key" env var.
- No bundled agent persona requests a seed phrase. If a bundled one does, that's a bug โ file a security issue. (Custom agents you author are your responsibility.)
- No example, doc, or tutorial in this repository will instruct you to paste a main wallet key into
.env.
No perpetual DEX trading bundled
OpenVesper does not bundle Hyperliquid, Lighter, Drift, or similar perpetual-DEX trading code by default. This is a packaging choice, not a hard restriction โ users can build their own trading plugins.
- Key management responsibility. Even scoped API credentials need careful handling. As an open-source project that anyone can fork and modify, we'd rather not be the bridge between an LLM-driven agent and your money.
- Focus. OpenVesper is for read-only analytics, research, and orchestration. Trading execution belongs in a separate, carefully audited tool.
Local data storage
When enabled, the following data is stored locally only at ~/.openvesper/:
| Data | Location | Default |
|---|---|---|
| API keys, tokens | ~/.openvesper/.env (perm 0600) | n/a โ you provide |
| Configuration | ~/.openvesper/openvesper.json | created on first run |
| Memory | ~/.openvesper/workspace/memory.json (perm 0600) | disabled |
| Conversations | ~/.openvesper/workspace/conversations/ | disabled |
| Agent files | .agents/<name>/ in your project | n/a |
| Daily logs | .agents/<name>/memory/YYYY-MM-DD.md | disabled |
| Cron state | ~/.openvesper/workspace/heartbeat.json (perm 0600) | only if jobs added |
Memory and conversation persistence are opt-in. TheMemoryManager defaults to enabled: false. The runtime never writes prompts or responses to disk unless you explicitly configure it.
Code-level enforcement
Permission flags on tools
Every mutating tool declares its permission requirement:
defineTool({
name: "send_telegram_message",
// ...
permission: "mutation", // โ gates interactive confirmation
})Filesystem sandbox
The filesystem plugin uses a safePath() guard that resolves the requested path and ensures it stays inside the workspace boundary. Path traversal attempts (.., symlinks out, absolute paths) are rejected.
Shell sandbox
The shell plugin blocks dangerous patterns (rm -rf /, fork bombs, mkfs, dd if=/dev, shutdown) and runs commands with timeouts.
HTTP security headers
The website ships with these headers on every response:
X-Content-Type-Options: nosniffX-Frame-Options: DENYReferrer-Policy: strict-origin-when-cross-originPermissions-Policyโ camera, microphone, geolocation disabledStrict-Transport-Security: max-age=63072000; includeSubDomains; preloadContent-Security-Policyโ strict, no inline eval
What stays on your machine
You can wipe all local state at any time:
# Trim memory to last 500 items
node apps/cli/dist/index.js memory compact
# Nuclear: wipe everything
rm -rf ~/.openvesper/workspaceReporting security issues
If you find a security issue, please report it privately first:
- Open a GitHub security advisory at
github.com/openvesper/openvesper/security/advisories/new - Do not disclose publicly until we've had 14 days to respond
Audit your install
Because OpenVesper is open source, you can verify these claims yourself. A few specific things you can grep for:
# Check for hidden telemetry endpoints
grep -rn "analytics\|telemetry\|tracking" packages/
# Check for any HTTP POSTs to openvesper.com
grep -rn "openvesper.com" packages/ apps/
# Check for wallet key requests
grep -rn "private_key\|seed_phrase\|mnemonic" packages/All three should return no production code matches (only the negative references in this docs).
What's next?
- Sandboxing โ how filesystem and shell tools are bounded
- Configuration โ env vars and settings
- Sessions & Memory โ opt-in persistence