Security

Security considerations when using prompts-gpt.

Credential Storage

Token Storage

Tokens are stored in .prompts-gpt/.credentials.json:

{
  "token": "pgpt_abc123",
  "apiUrl": "https://prompts-gpt.com"
}
  • File permissions set to 0600 on Unix (owner read/write only)
  • Auto-added to .gitignore on creation
  • Never committed to version control

Token Security

  • Tokens must start with the pgpt_ prefix
  • The SDK refuses to send tokens over unencrypted HTTP (except to localhost)
  • Token format is validated locally before any API call is made

Permission Auto-Fix

If the credentials file is found with permissions broader than 0600 (for example, readable by group or other), the SDK tightens it to 0600 when the file is loaded.

Git Safety

Destructive Git Operations

By default, prompts-gpt blocks destructive git operations during execution:

{
  "disallowDestructiveGit": true
}

Blocked operations:

  • git stash
  • git reset --hard
  • git checkout --force
  • git clean -fd

Override with the --allow-destructive-git flag.

Sandbox Modes (Codex)

Mode             Permissions
workspace-read   Read-only access to workspace
workspace-write  Read/write to workspace files
full-auto        Unrestricted access

prompts-gpt run task.md --provider codex --sandbox workspace-read

Permission Modes (Claude)

Mode               Permissions
default            Prompts for each action
acceptEdits        Auto-accepts file edits
bypassPermissions  Unrestricted

prompts-gpt run task.md --provider claude --permission-mode acceptEdits

Network Security

HTTPS Enforcement

The SDK enforces HTTPS for all API communication:

// Rejected: plain HTTP to a remote host
const insecure = new PromptsGptClient({ apiUrl: "http://example.com" });

// Allowed: plain HTTP is permitted for localhost only (local development)
const local = new PromptsGptClient({ apiUrl: "http://localhost:3000" });

// Allowed: HTTPS
const client = new PromptsGptClient({ apiUrl: "https://prompts-gpt.com" });

Request Timeouts

All requests have configurable timeouts with a maximum cap:

  • Default: 30 seconds
  • Maximum: 600 seconds (10 minutes); larger requested values are capped
  • Generate endpoint default: 60 seconds

Data Privacy

What is Sent to the API

  • Project token (for authentication)
  • Prompt query parameters (for sync/pull)
  • Generation input (goal, context) for generate command

What is NOT Sent

  • Source code
  • Agent output
  • Run artifacts
  • Local configuration
  • Environment variables

Offline Operation

Many commands work entirely offline:

  • run, run-batch, sweep, orchestrate — local execution only
  • doctor, status, validate — local checks
  • diff, list — local file inspection

Commands that require API access:

  • sync, pull — fetch prompts from API
  • generate — AI-powered prompt generation
  • init — token validation

CI/CD Security

Token as Secret

Always store tokens as CI secrets:

# GitHub Actions
env:
  PROMPTS_GPT_TOKEN: ${{ secrets.PROMPTS_GPT_TOKEN }}

Prefer PROMPTS_GPT_TOKEN in the remote environment over committing or baking .prompts-gpt/.credentials.json into the runner image.

Remote Readiness Audit

Before turning on a remote runner, validate the environment:

prompts-gpt doctor --remote

This checks:

  • Non-interactive execution readiness
  • Secret-based token presence
  • Safe API URL usage
  • Provider auth environment variables
  • Destructive git protection
  • Artifact directory gitignore coverage
  • Local credential file leakage risk

Minimal Permissions

Use the least permissive provider settings in CI:

prompts-gpt run task.md --provider codex --sandbox workspace-read
