Security

Longhand's threat model, trust boundaries, and hardening live in SECURITY.md in the main repo. That's the canonical document — this page is a summary and a pointer.

TL;DR

Local-only. No network calls from the core pipeline. Your data never leaves your machine.
No subprocess execution. Longhand never shells out based on content from JSONL files.
Parameterized SQL everywhere. No string concatenation in queries. Every filter goes through bind parameters.
Read-only on source files. ~/.claude/projects/ is never written to.
Fail-open hooks. A Longhand crash doesn't block Claude Code.

What's defended against

Command injection
SQL injection
Path traversal
OOM via oversized input

What's explicitly out of scope

Filesystem read access for a user who already controls the machine
Malicious MCP client
Secrets in prompts that get written to JSONL

Input bounds

For auditors

Full audit notes, trust boundary diagrams, and parameterized-SQL guarantees are in SECURITY.md. If you find something, open an issue or contact the maintainer directly.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security

Security

TL;DR

What's defended against

What's explicitly out of scope

Input bounds

For auditors

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Start here

Reference

Internals

Project

Clone this wiki locally