Leyou Studio

Trust & Security

Code Signing Policy

This page documents how Leyou Studio builds, signs and distributes its desktop applications. It is published in fulfilment of the SignPath Foundation conditions for open source projects and as a transparency commitment to our users.

Last updated: 2026-05-25 · Applies to: Auctus Agent · Open source · AGPL-3.0

Attribution

Code signing provider

Free code signing provided by SignPath.io, certificate by SignPath Foundation.

The private signing key is generated and stored on SignPath's Hardware Security Module (HSM). Leyou Studio does not have direct access to the private key — every signing operation is performed on SignPath infrastructure, requiring explicit approval by an authorised team member.

Scope

What we sign

The following binaries are covered by this policy:

  • Auctus Agent (Windows) — the Windows executable bundled inside Auctus-Agent-win-standalone-v*.zip, distributed from the official download page.

Binaries for macOS are currently distributed unsigned. Apple Developer ID signing for macOS is tracked as a separate workstream and is not covered by SignPath Foundation.

We only sign binaries we built ourselves from source code in our public repository. We do not re-sign third-party binaries.

Team Roles

Who can do what

Auctus Agent is currently a single-maintainer project. All three SignPath roles are held by the same person, which is permitted under the SignPath Foundation terms for small projects. The maintainer uses multi-factor authentication for both GitHub and SignPath.

Authors

Trusted to modify source code in the auctus-agent repository.
Current authors: @ddjiang327 (David Jiang).

Reviewers

Review and approve pull requests from non-committers. As a single-maintainer project, external contributions are reviewed by the maintainer before merging.
Current reviewers: @ddjiang327.

Approvers

Authorise each individual signing request inside SignPath before a signed binary is produced.
Current approvers: @ddjiang327.

When additional maintainers join the project, this page will be updated within seven days of the change.

Build & Signing

How a signed release is produced

Signed releases are produced exclusively by an automated GitHub Actions pipeline. No release artifact is built on a developer's local machine and then signed.

  1. A maintainer pushes a Git tag in the form v0.1.x on the main branch of github.com/ddjiang327/auctus-agent.
  2. GitHub Actions runs the release workflow on a fresh Windows runner: it checks out the tagged commit, installs declared dependencies, builds the standalone bundle with PyInstaller, and produces the unsigned .exe.
  3. The unsigned artifact is uploaded to SignPath via the official signpath/github-action-submit-signing-request action.
  4. An authorised approver reviews the build metadata (commit SHA, workflow run URL, artifact name) inside SignPath and explicitly approves the signing request.
  5. SignPath returns the signed binary. GitHub Actions packages it into the release ZIP and uploads the ZIP to the website's /assets/downloads/ path.

The exact workflow file lives at .github/workflows/release.yml in the public repository and is reviewable on GitHub.

Privacy

Privacy statement

This program will not transfer any information to other networked systems unless specifically requested by the user.

Auctus Agent runs entirely on the user's computer. It does not collect telemetry, analytics, or crash reports by default. Network requests are only made when:

  • The user explicitly chooses to connect to the hosted Auctus API and signs in to their account.
  • The user configures a third-party model provider (e.g. OpenAI-compatible endpoint) and Auctus Agent forwards the user's request to that provider.
  • The user explicitly triggers an update check.

The installer and launcher do not display third-party advertisements, do not bundle additional software, and do not modify system configuration without user consent. Uninstallation is performed by removing the extracted folder.

Verification

Verifying the signature

You can verify the signature on a downloaded build before running it:

Windows (PowerShell):

Get-AuthenticodeSignature .\Auctus-Agent.exe | Format-List

A valid signature shows Status: Valid and a SignerCertificate belonging to SignPath Foundation (check the Subject field; the Issuer field names the public certificate authority that issued that certificate, not SignPath Foundation itself). If the status is anything other than Valid, or the signer is not SignPath Foundation, do not run the binary and report the issue to the contact address below.

You can also right-click the .exe, choose Properties, and open the Digital Signatures tab to inspect the certificate chain visually.
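The same checks folded into one script, as an added example that is not part of this page or of the project's own tooling. It assumes the release ZIP and the Auctus-Agent.exe inside it are named as described above, and that the signer certificate's Subject contains the text "SignPath Foundation" (an assumption: confirm the exact subject string against the Digital Signatures tab of a build you already trust). It extracts into a fresh temporary directory so that nothing is executed during verification, records the SHA-256 of the executable, and refuses the build unless the Authenticode status is Valid and the signer matches.

```powershell
# Added example, not Leyou Studio's or SignPath's code. Verify a downloaded
# Auctus Agent release ZIP before running anything inside it.
param(
    [Parameter(Mandatory = $true)]
    [string]$ZipPath,
    # Assumption: the SignPath Foundation signing certificate names the foundation
    # in its Subject. Adjust after checking a known-good build.
    [string]$ExpectedSubjectFragment = 'SignPath Foundation'
)

$ErrorActionPreference = 'Stop'

# 1. Extract into a fresh temp directory; nothing from the ZIP is run here.
$extractDir = Join-Path ([System.IO.Path]::GetTempPath()) ('auctus-verify-' + [guid]::NewGuid())
Expand-Archive -LiteralPath $ZipPath -DestinationPath $extractDir

$exe = Get-ChildItem -Path $extractDir -Recurse -Filter 'Auctus-Agent.exe' | Select-Object -First 1
if (-not $exe) { throw "No Auctus-Agent.exe found inside $ZipPath" }

# 2. Record the hash so it can be compared with any published checksum
$sha256 = (Get-FileHash -LiteralPath $exe.FullName -Algorithm SHA256).Hash
Write-Host "SHA256 : $sha256"

# 3. Check the Authenticode signature and the identity of the signer
$sig = Get-AuthenticodeSignature -LiteralPath $exe.FullName

$problems = @()
if ($sig.Status -ne 'Valid') {
    # Covers unsigned files, broken hashes, untrusted chains and revoked certificates
    $problems += "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
}
if ($sig.SignerCertificate) {
    $cert = $sig.SignerCertificate
    Write-Host "Signer : $($cert.Subject)"
    Write-Host "Issuer : $($cert.Issuer)"      # the public CA, not SignPath Foundation
    Write-Host "Thumb  : $($cert.Thumbprint)"
    Write-Host "Expires: $($cert.NotAfter)"
    if ($cert.Subject -notlike "*$ExpectedSubjectFragment*") {
        $problems += "Signer subject '$($cert.Subject)' does not name $ExpectedSubjectFragment"
    }
} else {
    $problems += 'File carries no signer certificate'
}

# A timestamp countersignature keeps the signature verifiable after the certificate
# expires. The page does not promise one, so its absence is a warning, not a failure.
if (-not $sig.TimeStamperCertificate) {
    Write-Warning 'No timestamp countersignature present'
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Host "FAIL: $_" -ForegroundColor Red }
    Remove-Item -LiteralPath $extractDir -Recurse -Force
    exit 1
}
Write-Host "OK: signature valid; verified files are in $extractDir" -ForegroundColor Green
```

Save it as, for example, Verify-AuctusRelease.ps1 and run `.\Verify-AuctusRelease.ps1 -ZipPath .\Auctus-Agent-win-standalone-v<version>.zip`. On failure the extracted files are deleted and the script exits non-zero, so it can also gate an unattended deployment. Note that Status: Valid already implies the chain builds to a root trusted by the local machine; the extra Subject check is what ties the signature to this project's signing provider rather than to any trusted signer.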

Contact

Reporting issues

If you suspect a Leyou Studio binary has been tampered with, distributed from an unofficial source, or signed without authorisation, please contact us immediately:

You may also report abuse of a SignPath Foundation certificate directly to SignPath at support@signpath.io.

Compliance

Standards we follow

  • SignPath Foundation Open Source conditions.
  • OSI-approved license: GNU AGPL-3.0, without commercial dual-licensing.
  • No proprietary or closed-source components are included in the signed desktop binaries.
  • All maintainers use multi-factor authentication on GitHub and SignPath.