Only the latest minor release receives security fixes. FreeRide is pre-1.0 and ships frequently — pin a version and upgrade often.
Do not open a public GitHub issue for security problems.
Email shaivpidadi@gmail.com with:
- The vulnerability and how to reproduce it
- The version of `freeride-gateway` you're running (`freeride --version`)
- Any logs or PoC code
You'll get an acknowledgement within 72 hours. If the issue is confirmed, we'll coordinate a fix and a disclosure timeline before publishing.
In scope:
- The `freeride-gateway` PyPI package and the `freeride` CLI
- The Cloudflare Worker at `services/telemetry/` (running at telemetry.free-ride.xyz and free-ride.xyz)
- The install script at https://api.free-ride.xyz/install.sh
Out of scope:
- Bugs in upstream provider APIs (OpenRouter, Groq, NVIDIA NIM, Cloudflare Workers AI, HuggingFace) — report those to the provider.
- Issues in agent clients that bind to FreeRide (Aider, Continue, OpenClaw, Hermes) — report those to the agent project.
- Local exploits that require write access to the user's home directory (FreeRide reads its config from `~/.freeride/`).
FreeRide ships with default-on aggregate telemetry. The exact payload is documented in README.md and shown to the user via a one-time disclosure banner before it's ever sent. Prompts, completions, model IDs, API keys, hostnames, and IPs are never sent. The Cloudflare Worker that receives the beacon does not log cf-connecting-ip.
If you find a way to make FreeRide leak content it shouldn't, that's a security issue — please report it as above.
Every state file under ~/.freeride/ is written via core.state.atomic_write, which sets file mode 0o600 (owner read/write only). On multi-user systems, no other user can read these files even if your home directory is otherwise readable. POSIX-only — Windows uses ACLs; the chmod call is best-effort there.
| File | Contents | Mode | Notes |
|---|---|---|---|
| `~/.freeride/cooldown.json` | Per-provider cooling state. Contains raw provider API keys as JSON object keys (so a 429 on key1 doesn't bleed into key2). | 0o600 | Tightened on next write if pre-existing. |
| `~/.freeride/.env` | Generated by `freeride init`. Provider API keys in dotenv form. | 0o600 | Optional — only if you ran `freeride init`. |
| `~/.freeride/config.json` | Telemetry preference, first-run banner flag. | 0o600 | No secrets. |
| `~/.freeride/events.jsonl` | Live failover event log for `freeride watch`. | OS umask | No secrets. Stores provider name, key INDEX (not value), model id, status, timing. Caps at 1 MiB with single-backup rotation. Disable with `FREERIDE_EVENTS=0`. |
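As an added example (not the project's own `core.state.atomic_write`, whose internals may differ), here is a stand-in for the write pattern the table describes: the file is created owner-only before any secret is written, readers never observe a partial file, a pre-existing looser-mode file is tightened on the next write, and the `chmod` step is best-effort where the platform lacks it. The function names and the sample `cooldown.json` content are assumptions.

```python
import os
import stat
import tempfile
from pathlib import Path


def atomic_write_private(path, data: str) -> None:
    """Write `data` to `path` atomically with mode 0o600.

    Illustrative stand-in, not the project's implementation. The temp file is
    created in the destination directory so the final os.replace is a
    same-filesystem rename: readers see either the old file or the complete
    new one, never a truncated one.
    """
    path = Path(path)
    path.parent.mkdir(parents=True, exist_ok=True)
    # mkstemp opens with O_CREAT|O_EXCL and mode 0o600, so the file is never
    # group/world-readable even for an instant.
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=f".{path.name}.", suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            # Belt-and-braces chmod; best-effort on Windows, which has no fchmod.
            if hasattr(os, "fchmod"):
                os.fchmod(f.fileno(), 0o600)
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        # Replacing (rather than truncating) the destination is what tightens a
        # pre-existing, looser-mode file: the 0o600 temp file takes its place.
        os.replace(tmp, path)
    except BaseException:
        # Never leave a half-written temp file containing secrets behind.
        try:
            os.unlink(tmp)
        except FileNotFoundError:
            pass
        raise


def file_mode(path) -> int:
    """Permission bits only, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


def demo() -> dict:
    """Constructed scenario: a world-readable cooldown.json left by an older
    version gets tightened by the next write."""
    workdir = Path(tempfile.mkdtemp(prefix="freeride-demo-"))
    target = workdir / "cooldown.json"
    target.write_text('{"stale": true}')
    os.chmod(target, 0o644)  # the loose pre-existing mode (constructed)
    before = file_mode(target)
    atomic_write_private(target, '{"cooling": {}}')
    after = file_mode(target)
    leftovers = [p.name for p in workdir.iterdir() if p.name != "cooldown.json"]
    return {"posix": os.name == "posix", "before": before, "after": after,
            "content": target.read_text(), "leftovers": leftovers}


if __name__ == "__main__":
    print(demo())
```

Note that `events.jsonl` is the one file the table lists as "OS umask": an append-only log opened with a plain `open(path, "a")` inherits whatever your umask allows, which is why the project keeps raw key values out of it.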
Per-key health is in-memory only. Keys are stored as SHA256 prefixes (12 chars), never as raw values, and the tracker is process-local — restarting the gateway resets all health stats.
Third-party providers ship as separate pip packages and register via the freeride.providers entry-point group. Plugins run in-process. There is no sandbox. You opt into a plugin's code path by pip install-ing the package — the same trust model as any Python dependency. Always verify the plugin author and source before installing.
The registry will skip plugins that:
- Fail to import
- Don't declare `api_version = 1`
- Raise during `__init__` (the canonical "I'm not configured, skip me" path; `CloudflareWAIProvider` raises `ValueError` when `CLOUDFLARE_ACCOUNT_ID` is missing, for example)
A failed plugin never blocks startup. It logs once and the gateway continues with the remaining providers.
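An added illustration of the three skip rules above, not the project's registry code: a loader that walks entry points, logs once per bad plugin, and never lets a plugin failure escape to startup. The entry points here are constructed fakes standing in for `importlib.metadata.entry_points(group="freeride.providers")`; the class and function names, and the sample plugins, are assumptions.

```python
import logging
from dataclasses import dataclass
from typing import Callable, Dict, Iterable

log = logging.getLogger("freeride.registry")
API_VERSION = 1


@dataclass
class FakeEntryPoint:
    """Constructed stand-in for importlib.metadata.EntryPoint exposing the two
    members the loader uses: .name and .load()."""
    name: str
    target: Callable[[], object]

    def load(self):
        return self.target()


def load_providers(entry_points: Iterable) -> Dict[str, object]:
    """Instantiate every plugin that imports, declares api_version == 1 and
    constructs; log and skip the rest. Nothing a plugin does raises out of here."""
    providers: Dict[str, object] = {}
    for ep in entry_points:
        try:
            # ep.load() imports the plugin module: this runs its code, unsandboxed,
            # which is exactly why installing an untrusted plugin is a trust decision.
            cls = ep.load()
        except Exception as exc:  # ImportError, SyntaxError, anything at import time
            log.warning("plugin %s failed to import: %s", ep.name, exc)
            continue
        declared = getattr(cls, "api_version", None)
        if declared != API_VERSION:
            log.warning("plugin %s skipped: api_version=%r, need %d",
                        ep.name, declared, API_VERSION)
            continue
        try:
            providers[ep.name] = cls()  # "not configured" plugins raise here
        except Exception as exc:
            log.info("plugin %s not configured, skipping: %s", ep.name, exc)
            continue
    return providers


# Constructed sample plugins standing in for pip-installed packages.

class GoodProvider:
    api_version = 1


class LegacyProvider:
    api_version = 0  # declares a version the registry does not accept


class UnconfiguredProvider:
    """Mirrors the described CloudflareWAIProvider behaviour (assumed shape)."""
    api_version = 1

    def __init__(self, env=None):
        env = {} if env is None else env
        if "CLOUDFLARE_ACCOUNT_ID" not in env:
            raise ValueError("CLOUDFLARE_ACCOUNT_ID is not set")


def broken_import():
    raise ImportError("No module named 'freeride_broken'")


SAMPLE_ENTRY_POINTS = [
    FakeEntryPoint("good", lambda: GoodProvider),
    FakeEntryPoint("legacy", lambda: LegacyProvider),
    FakeEntryPoint("unconfigured", lambda: UnconfiguredProvider),
    FakeEntryPoint("broken", broken_import),
    FakeEntryPoint("noversion", lambda: type("NoVersion", (), {})),
]


def demo():
    """Names of the plugins that survive the registry's skip rules."""
    return sorted(load_providers(SAMPLE_ENTRY_POINTS))


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print(demo())
```

In real use the iterable would be `importlib.metadata.entry_points(group="freeride.providers")` (Python 3.10+); the `load()` call is the point at which the plugin's code first executes, before any version check can run.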
Known behaviour that is not considered a vulnerability:
- The gateway listens on `localhost:11343` by default. The default `--host 127.0.0.1` binding is loopback-only, so nothing off-box can reach it, but any process on your machine can. On a multi-user host, keep the loopback binding and add a host firewall or per-user restrictions if that is not enough.
- `freeride watch` reads `events.jsonl` directly. It doesn't expose secrets, but mid-stream errors can include short upstream error messages; review a terminal recording before you publish it.
- `pip install`-ing a third-party FreeRide plugin runs that plugin's code. Don't install plugins from sources you don't trust.
- The gateway's localhost port has no auth. It's a local proxy; if a hostile process is running as your user, you have bigger problems than FreeRide.