
Security Overview

Fased is a self-hosted agent runtime. Treat it like a local server with access to chats, tools, credentials, files, wallets, and optional remote nodes. The conservative setup keeps each capability behind a separate gate: connect the service, allow the Agent to use the tool, then approve sensitive actions when needed.

Normal Setup Surfaces

Use the selected Agent first:
  • Agent > Models: connect provider auth and choose this Agent’s primary, fallback, and task models.
  • Agent > Channels: configure chat apps and route messages to this Agent.
  • Agent > Services: connect API services such as web search, GitHub, Gmail, media, and custom APIs.
  • Agent > Skills: review/install skills, configure values, install dependencies, test loading, and allow the skill for this Agent.
  • Agent > Tools: grant or block this Agent from using tools that already exist.
  • Agent > Memory: inspect session-memory status and roots for this Agent.
  • Agent > Tasks: schedule work that runs as this Agent.
Operator surfaces are separate:
  • Usage: local token and cost history.
  • Logs: gateway log tail.
  • Advanced: Config, Debug, and Nodes tabs for raw settings and diagnostics.

Remote Access

Preferred modes:
  • Local-only: bind to loopback and open http://localhost:18789.
  • Private remote: use Tailscale or an SSH tunnel.
  • Public hosting: require gateway auth, TLS in front of the gateway, and firewall rules that expose only the intended port.
Avoid binding the gateway to a public interface without auth. If you need remote browser access, keep Token or Password auth enabled and use Tailscale/private networking where possible.
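One way to confirm which addresses the gateway is actually listening on, as an added example rather than Fased's own tooling. It assumes a Linux host with `ss`, the port 18789 shown above, and a hypothetical function name; the sample lines are constructed.

```shell
#!/bin/sh
# Classify listeners on the gateway port from `ss -ltnH` output read on stdin.
# Exit status: 0 = loopback only, 1 = at least one non-loopback listener,
#              2 = nothing is listening on the port.
GATEWAY_PORT="${GATEWAY_PORT:-18789}"   # port from the docs; override if yours differs

check_gateway_binds() {   # hypothetical helper name, not a Fased command
    awk -v port="$GATEWAY_PORT" '
    {
        local_addr = $4                      # columns: State Recv-Q Send-Q Local Peer
        n = split(local_addr, parts, ":")
        if (parts[n] != port) next           # some other service
        host = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
        sub(/%.*/, "", host)                 # drop an interface scope such as %lo
        gsub(/^\[|\]$/, "", host)            # drop IPv6 brackets
        found = 1
        if (host ~ /^127\./ || host == "::1") {
            print "loopback      " local_addr
        } else {
            # Wildcard, LAN, or tunnel address: gateway auth must be enabled.
            print "non-loopback  " local_addr
            exposed = 1
        }
    }
    END { if (!found) exit 2; exit (exposed ? 1 : 0) }
    '
}

# Constructed sample input, not captured from a real host.
SAMPLE='LISTEN 0 511 127.0.0.1:18789 0.0.0.0:*
LISTEN 0 511 [::1]:18789 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
printf '%s\n' "$SAMPLE" | check_gateway_binds

# Live use on the gateway host:  ss -ltnH | check_gateway_binds
```

A non-loopback result is expected for a Tailscale or reverse-proxy setup; it is the cue to confirm gateway auth and firewall rules, not an error by itself.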

Service Credentials

Service credentials connect an API. They do not automatically grant every Agent access. Use:
  • Agent > Services for normal service setup and tests.
  • Environment-backed secret refs when you do not want keys stored directly in config.
  • Agent > Tools to decide whether the selected Agent can use the resulting tool.
Avoid pasting secrets into chat, workspace files, skill instructions, or screenshots. Advanced Config is the raw escape hatch for fields that do not yet have a friendly page.

Skills And Plugin Discovery

A skill is a SKILL.md instruction package plus optional configuration and dependencies. Installing a skill means Fased has the skill file in the library or workspace. It does not mean the dependency binary, API key, wallet access, or Agent access is ready. Conservative flow:
  1. Review the source: bundled, workspace, or plugin catalog.
  2. Install or copy the skill file.
  3. Configure skill values in Agent > Skills.
  4. Install dependencies only after reviewing the package manager, exact command, pin/integrity state, and PATH target.
  5. Verify dependency health after install; command success is not enough if the binary is not visible to the gateway.
  6. Allow the skill for the selected Agent.
  7. Grant tools or wallets separately when needed.
Plugin review should happen before files are written or made available. Review archive layout, SKILL.md, requested permissions, dependency installers, suspicious files, and update-risk changes. Skills can be malicious even when they are only text instructions, because they can steer the Agent toward dangerous tool use.
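Steps 4 and 5 of the flow above can be checked mechanically. The following is an added example, not part of Fased: it resolves a dependency using only the PATH the gateway process runs with and compares the binary against a pinned SHA-256. The function names, the `demo-tool` binary, and the way you obtain the gateway's PATH are assumptions.

```shell
#!/bin/sh
# verify_dep NAME PINNED_SHA256 SERVICE_PATH
# SERVICE_PATH is the PATH of the gateway process (assumption: you read it from
# the service definition or, on Linux, /proc/<pid>/environ), not your login shell.
# Exit status: 0 = visible and matches pin, 1 = not visible, 2 = digest mismatch.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

resolve_on_path() (          # subshell body keeps IFS and noglob changes local
    set -f; IFS=:
    for dir in $2; do
        [ -n "$dir" ] || continue            # skip empty entries (implicit cwd)
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"; exit 0
        fi
    done
    exit 1
)

verify_dep() {
    resolved=$(resolve_on_path "$1" "$3") || {
        echo "MISSING: $1 is not on the service PATH"; return 1; }
    actual=$(sha256_of "$resolved")
    if [ "$actual" != "$2" ]; then
        echo "MISMATCH: $resolved sha256=$actual"; return 2
    fi
    echo "OK: $resolved"
}

# Demo with a constructed stand-in binary (hypothetical name "demo-tool").
demo_dir=$(mktemp -d)
printf '#!/bin/sh\necho demo\n' > "$demo_dir/demo-tool"
chmod +x "$demo_dir/demo-tool"
# In practice the pin comes from the release you reviewed, not from the file itself.
demo_pin=$(sha256_of "$demo_dir/demo-tool")
verify_dep demo-tool "$demo_pin" "$demo_dir:/usr/bin"
```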

Wallets, Mining, And Skill Grants

Wallet access is intentionally separate from skills and tools.
  • Wallet setup and approvals live in Wallets.
  • Generic wallet-capable skills can only use Agent-role wallets that you explicitly allow.
  • Mining and vault wallets are not available to generic skills.
  • SAT mining uses the dedicated mining runtime and mining wallet policy.
  • A skill install, plugin review, or Agent skill allowlist change does not grant wallet access.
For wallet-capable skills, use Wallets > Skill Grants after review. Grant only the actions, wallet ids, chains, caps, and automation level required for the workflow. Fased’s default custody path is a role-separated self-hosted signer:
  • fased-signerd owns signer-side material and signing operations.
  • the Gateway runtime owns policy, approvals, Agent routing, and audit state.
  • skills and plugins request wallet work through policy-mediated tools instead of receiving raw keys, seed phrases, keystores, or signer master credentials.
This is different from a generic hosted wallet provider. Hosted or MPC providers can be useful optional adapters, especially for managed recovery, but they move custody, recovery, provider credentials, and some policy semantics outside the local signer boundary. If you use one, keep Fased role policy, Agent tool policy, Wallet > Skill Grants, approval state, and audit as the controlling layer above it.

Public Launch Checklist

  • Gateway auth enabled for any non-loopback access.
  • Remote access uses Tailscale, SSH tunnel, or a locked-down reverse proxy.
  • Agent models, channels, services, skills, tools, memory, and tasks configured per Agent.
  • Skills reviewed before install; dependency installers reviewed and verified after install.
  • Wallet skill grants are narrow and separate from mining/vault roles.
  • Logs and Usage reviewed after setup smoke tests.
  • Threat model and security-test-report claims reviewed for the current release.
  • Advanced > Debug and Advanced > Nodes treated as operator/admin diagnostics, not first-run setup.
  • Run the public launch checks in Full release validation.

Reporting Vulnerabilities

Use the repository security policy. Do not post secrets, private infrastructure details, or live exploit material in public issues.