Security

Last updated: March 2026

JamJet is designed so the runtime stays under your control: local execution, local state, local audit logs, and no runtime telemetry back to us.

About JamJet

JamJet is the open-source safety layer for AI agents, built in Rust. It provides policy checks, audit trails, human approval, crash-safe execution, checkpoint replay, and cost limits — without cloud or framework lock-in. The project is developed and maintained by JamJet Labs.

License

JamJet is released under the Apache License 2.0. The source code is publicly available on GitHub.

Responsible Disclosure

If you discover a security vulnerability in JamJet, we ask that you report it responsibly. Please do not open a public GitHub issue for security vulnerabilities.

Report vulnerabilities to: [email protected]

We aim to acknowledge reports within 48 hours and provide a fix or mitigation within 7 business days depending on severity. We will credit reporters in our release notes unless anonymity is requested.

Security Practices

• All runtime execution is local — no data is sent to external servers
• Workflow state and audit logs remain on your infrastructure
• No telemetry, no phone-home, no tracking in the runtime
• Dependencies are monitored for known vulnerabilities
• The website does not use cookies or collect personal data

Contact

General inquiries: [email protected]
Security issues: [email protected]