
Security

Sume CLI is designed for agent use, but CLI output can still contain sensitive or user-owned data. Treat all auth, upload, job, and media output carefully.

Secrets

Never print or commit:

  • SUME_API_KEY;
  • local ~/.sume/config.json;
  • login URLs or user codes;
  • signed upload URLs;
  • storage object keys;
  • upload headers;
  • raw provider payloads.

Use environment variables or secret managers for automation:

Local config

The default config file is:

Use an isolated config directory for disposable environments:

Before snapshotting a reusable sandbox:

Signed upload URLs

sume uploads presign returns a temporary storage upload_url. Treat it as a secret-like value.

When uploading bytes:

  • send only the returned required_headers;
  • do not send the Sume API Authorization header to storage;
  • do not log the full upload_url;
  • do not log object_key unless engineering specifically asks for it.

Media URLs

Sume job and asset results may include public media URLs scoped to Sume output. They are still user data.

When reporting results:

  • summarize media counts and file types;
  • use local downloaded filenames rather than full remote URLs;
  • redact query strings and private identifiers;
  • avoid dumping large raw result payloads.
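
An added example (not part of the Sume documentation or the Sume CLI) of a pre-report sanitizer for the rules under "Signed upload URLs" and "Media URLs": values under the keys upload_url, object_key and required_headers are replaced, and every http(s) URL is reduced to host and filename while media is counted by file type. The payload shape, the job_id, outputs and url fields, and the example.test hosts are constructed for illustration; the real output schema is not shown on this page.

```python
import json
from collections import Counter
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Keys this page names as secret-like; their values are never echoed.
SECRET_KEYS = {"upload_url", "object_key", "required_headers"}
REDACTED = "[REDACTED]"

def redact_url(value):
    """Return (safe_text, extension) for an http(s) URL, else (value, None)."""
    try:
        parts = urlsplit(value)
        host = parts.hostname
    except ValueError:  # malformed URL-like string: do not echo it at all
        return REDACTED, None
    if parts.scheme not in ("http", "https") or not host:
        return value, None
    name = PurePosixPath(parts.path).name
    ext = PurePosixPath(name).suffix.lower().lstrip(".") or "unknown"
    # Keep host and filename only; query, fragment, userinfo and path ids go.
    return f"{parts.scheme}://{host}/.../{name}", ext

def sanitize(node, counts):
    """Copy a parsed JSON value with secret keys and URLs redacted."""
    if isinstance(node, dict):
        return {k: REDACTED if k in SECRET_KEYS else sanitize(v, counts)
                for k, v in node.items()}
    if isinstance(node, list):
        return [sanitize(v, counts) for v in node]
    if isinstance(node, str):
        safe, ext = redact_url(node)
        if ext:
            counts[ext] += 1
        return safe
    return node

def report(raw_json):
    """Build the summary an agent may print instead of the raw payload."""
    counts = Counter()
    safe = sanitize(json.loads(raw_json), counts)
    return {"media_by_type": dict(counts), "sanitized": safe}

# Constructed sample; field names and hosts are assumptions, not Sume's schema.
SAMPLE = json.dumps({"job_id": "job_example_1", "outputs": [
    {"url": "https://media.example.test/u/ws_123/a1/clip.mp4?sig=abc&exp=1"},
    {"url": "https://media.example.test/u/ws_123/a2/frame.PNG"}],
    "upload_url": "https://storage.example.test/put/x?X-Sig=zzz",
    "object_key": "uploads/ws_123/x"})
```

Calling report(SAMPLE) yields the per-type media counts plus a copy of the payload that is safe to include in an agent report; URLs embedded inside longer free-text strings are not detected by this sketch.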

Paid/provider operations

These commands can spend credits or create provider work:

  • sume images generate
  • sume videos generate
  • sume ads videos create
  • sume face-swap create
  • sume reference-analysis create
  • sume assets finalize when it starts Asset Library processing

Agents should:

  1. confirm user intent;
  2. check sume credits --json;
  3. run one bounded job first when testing;
  4. stop on API/provider errors instead of retrying blindly;
  5. report job ids and sanitized error codes, not raw provider payloads.

MCP gates

Default MCP is read-only:

Mutating non-paid tools require:

Paid/provider tools require:

Only enable write or paid gates in MCP hosts that have an explicit human approval model.

Agent reporting rules

Agent final reports should include:

  • what command was run;
  • whether it was read-only, write, or paid/provider;
  • sanitized status/result summary;
  • job ids only when useful for follow-up;
  • local output paths if files were downloaded.

Agent final reports should not include:

  • API keys;
  • live login URLs/codes;
  • signed upload URLs;
  • storage object keys;
  • raw emails;
  • workspace/user ids;
  • full private media URLs;
  • raw provider payloads.