Product Security
Built secure, shipped secure, kept secure.
Studio's product-security posture spans the build (secure SDLC), the runtime (Tauri sandboxing, sidecar IPC, BYO providers), and the maintenance loop (daily scans, release security gate, responsible disclosure).
Commitments
- Tauri-native runtime
Studio runs in a Tauri shell — capability-scoped IPC between WebView and Rust backend, no Electron-style full Node access in the renderer.
- Sandboxed sidecars
Python and Rust sidecars run as separate processes and communicate over authenticated IPC. Process isolation bounds the impact of any single component compromise.
- Local-first secrets
Credentials are stored in the OS keychain by default, with an encrypted file fallback at ~/.peerai/credentials.json. Path safety is enforced via core/path_safety.py.
Data security
- BYO LLM, BYO database
No PeerAI-side proxy or aggregator. Customer credentials connect directly to customer-selected services.
AI Security
- SHA-pinned CI actions
All GitHub Actions in security-relevant workflows are pinned by SHA, not by tag. Documented in dev-guide and audited per release.
- Per-release security gate
Lockfile-focused grype scans on 9 targets must pass before any release tag.
Continuous monitoring
Evidence
- Daily vulnerability scans
grype + pip-audit + cargo-audit + bun pm audit + continuous Aikido.
Vulnerability rollup