Security: crithstudio-hash/agent-circuit

Security

Reporting

If you find a security vulnerability, email andre@kostynowicz.com.

Do not open a public GitHub issue for security vulnerabilities.

Scope

agent-circuit is middleware that sits between your agent and its tools. It does not make network requests, store credentials, or access external services. The primary security considerations are:

  • State files (.agent-circuit/state.json) contain tool names and error messages. Add .agent-circuit/ to .gitignore.
  • Fingerprints are SHA-256 hashes of tool arguments. Raw arguments are not stored.
  • Error messages from failed tool calls are stored as plain text in stats and state files. Do not pass sensitive data as tool arguments if you use persistence.
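An added example, not part of agent-circuit: a pre-commit style audit for the points above. It checks that .agent-circuit/ is listed in .gitignore and flags any string stored in state.json that looks like a credential. The layout of state.json is not described here, so the scan walks every string value rather than assuming field names; the patterns and function names are constructed for illustration.

```python
import json
import re
from pathlib import Path

# Constructed patterns for secret-looking text; extend them for your environment.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+[a-z0-9._~+/-]{16,}=*"),
    "credential_assignment": re.compile(r"(?i)\b(password|passwd|secret|api[_-]?key|token)\s*[=:]\s*\S+"),
    "url_with_password": re.compile(r"\b[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@"),
}

def iter_strings(node, path="$"):
    """Yield (json_path, string) for every string value; no schema is assumed."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from iter_strings(value, f"{path}[{i}]")

def scan_state(state):
    """Return sorted (json_path, pattern_name) findings; the matched text is never returned."""
    findings = []
    for path, text in iter_strings(state):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(text):
                findings.append((path, name))
    return sorted(findings)

def is_state_dir_ignored(gitignore_text):
    """True if a .gitignore line covers the .agent-circuit directory (negations do not count)."""
    accepted = {".agent-circuit", ".agent-circuit/", "/.agent-circuit", "/.agent-circuit/"}
    return any(line.strip() in accepted for line in gitignore_text.splitlines())

def audit(repo_root="."):
    # Returns (ignored, findings); a missing state file yields no findings.
    root = Path(repo_root)
    gitignore = root / ".gitignore"
    state_file = root / ".agent-circuit" / "state.json"
    ignored = gitignore.is_file() and is_state_dir_ignored(gitignore.read_text())
    findings = scan_state(json.loads(state_file.read_text())) if state_file.is_file() else []
    return ignored, findings
```

Run audit() from the repository root; a False first element or a non-empty findings list is a reason to stop the commit and clear or rotate what was captured.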

There aren’t any published security advisories