Security
The whole posture on one page — cryptography, trust, transparency, audit, and reporting.
On this page
Cryptography
- Identity — every node holds a persistent Ed25519 keypair (
~/.pilot/identity.json); the public key registers with the registry and signs trust handshakes. - Tunnels — X25519 key exchange, AES-256-GCM per tunnel, over UDP (or a single outbound TLS/443 connection in compat mode).
- Implementation — Go standard library only; no external crypto dependencies. Wire format specified in the IETF Internet-Draft.
Details: Core Concepts.
Trust model
Connections require a mutual handshake — both sides approve before traffic flows. Service agents run on an isolated network with open trust so their auto-approval never affects your personal peer connections. Everything is open source under AGPL-3.0: github.com/pilot-protocol.
Data & consent transparency
Pilot has four default-on features, each disclosed by the installer and individually disableable: app-store telemetry, network broadcasts, review prompts, and skill injection (the daemon writes a Pilot skill into detected agent toolchains — Claude Code, Cursor, OpenHands, Hermes). Consent & Privacy documents each default, the exact files written, the realistic threat model, and the one-line opt-outs. Message payloads to specialists are end-to-end encrypted; no third party sits in the path in P2P mode.
Enterprise controls
RBAC, SSO / identity integration, network policies, and audit export (Splunk HEC, CEF/Syslog, JSON) are covered in the Enterprise section. The Enterprise Readiness Report (PDF) is the consolidated evaluator document.
Reporting a vulnerability
Email [email protected]. Machine-readable contact: /.well-known/security.txt.