Security

No public registration. One password owns the app. LAN access requires the password every time; only loopback (127.0.0.1) bypasses it.

Plaintext is shown once at install and immediately discarded. Only the argon2id hash is stored on disk in .env.local (mode 600).

HMAC-SHA256 over a {iat, exp, v} payload. httpOnly, sameSite=strict, secure in production, 30-day TTL.

5 failed attempts per IP / 15 minutes triggers a 30-minute lockout. Audited.

All login attempts, logouts, and tool invocations append to data/audit.log (mode 600).

HTTP is upgraded to HTTPS, HSTS is emitted with includeSubDomains + preload. Skipped on localhost.

Content-Security-Policy, X-Frame-Options DENY, Referrer-Policy strict-origin-when-cross-origin, Permissions-Policy denying camera/mic/geo, X-Content-Type-Options nosniff, no X-Powered-By.

Only http/https. DNS-resolved targets in RFC1918, loopback, link-local, or CGNAT are rejected before the fetch fires.

Server refuses to start if Vercel/GA/PostHog/Segment env vars are present. Next.js telemetry is disabled.

Chat history is stored in your browser's localStorage by default. Server-side encrypted history is opt-in (AES-256-GCM keyed off OWNER_SESSION_SECRET).

`npm run backup` produces an AES-256-GCM .zip of chat history + settings. Decryption requires the owner password.

Client-side idle timer logs you out after 15 minutes of inactivity (configurable). Adds friction even on a trusted machine.

Faint diagonal watermark over chat content with owner + timestamp. Forensic if a screencap leaks. Toggle in Settings.

Scaffolded but disabled in v1. The hooks are in place to add a second factor before unlock.

Static-asset SRI verification is documented as a v2 hardening step; Next 16's hashed asset URLs already provide cache-busting integrity.

Documented path to expose V10M over a hidden service for ultra-private remote access. v2.