Security: saadixsd/PatternLoop
Security
Data directory default: ~/.patternloop (override with PATTERNLOOP_HOME or XDG_DATA_HOME/patternloop).
LoopSpecs and run logs stay on your machine unless you explicitly export a .agent bundle.
Do not put API keys inside LoopSpec YAML. Connectors read environment variables (e.g. ANTHROPIC_API_KEY, PATTERNLOOP_N8N_HMAC_SECRET).
Logs apply redaction for common secret patterns. Treat logs as sensitive anyway.
Claude and n8n are disabled by default . Enabling them requires editing config.yaml under your data root.n8n webhooks can include an HMAC header when a secret is set.
Filesystem tools are restricted to allowlisted roots (CLI --workdir).
Bash / writes are off unless explicitly enabled in config.
None by default in this repository build.
Open an issue for suspected vulnerabilities; avoid posting reproduction traces that contain secrets.
There aren't any published security advisories
You can’t perform that action at this time.