This project is a local proxy that runs on your own machine. It is not a cloud service. The attack surface is your local network — port 443 (TLS proxy) and port 4000 (HTTP dashboard).

The dashboard on port 4000 is open to anyone on your local network unless you configure credentials. Set DASHBOARD_USER and DASHBOARD_PASSWORD in .env (or via the Config tab) to enable basic auth.

By default the proxy listens on 0.0.0.0:443, not just 127.0.0.1:443. This means it is reachable from your LAN. If you only need local access, add a firewall rule to block external access to port 443.

Your provider API keys live in proxy/.env in plaintext. The file is gitignored but exists unencrypted on disk. Do not store this on shared or untrusted machines.

The proxy uses a self-signed cert that must be trusted by your OS/browser. The trust is install-time only — it cannot intercept other HTTPS traffic on your machine.

When CONTEXT_STRIP_MODE=passthrough, the full Antigravity request body (including your prompts, skills, and rules) is forwarded verbatim to the configured AI provider. In strip mode (default), only the user's actual request and metadata are forwarded — the full identity/skills/plugins context is replaced with a compact reference.

This is a personal/community tool, not a commercial product.

If you find a genuine security issue (e.g., the proxy can be exploited to exfiltrate API keys, or a dependency has a known CVE):

1. Do not open a public GitHub issue.
2. Open a GitHub Security Advisory on this repo (private by default).
3. Include a clear description of the vulnerability, reproduction steps, and potential impact.

I'll respond within 7 days. If the issue is valid, I'll fix it and coordinate a disclosure timeline with you.

• Issues requiring physical access to your machine
• Issues in Antigravity Desktop itself (not this project)
• Rate-limiting or quota abuse of AI providers (that is between you and the provider)