
Security: rckbrcls/polter


SECURITY.md

Security Policy

Reporting A Vulnerability

Please do not open public issues for security vulnerabilities.

Security contact: not identified in the current codebase.

Until a private reporting channel is added, coordinate disclosure privately with the repository owner.

Supported Versions

Version   Supported
main      Yes

Security Considerations

Polter is a desktop-first developer control plane for machines, projects, project workspaces, and dockable operational panels. The current Electron renderer is UI-only and mock-first, but packages/core already contains helpers that can run commands and manage local processes once real runtime paths call them, so those helpers are in scope for review today, not only after the UI is wired up.

Review these areas carefully:

  • Local command execution and process management boundaries.
  • Human approval before destructive or privileged operations.
  • Environment variable exposure in command runners.
  • MCP/tool configuration and workspace trust.
  • Machine identity, project trust, and panel permission boundaries.
  • Logs that may contain command output, paths, or secrets.
  • Electron renderer/main-process separation.
  • Explicit preload bridge boundaries.

Secrets

Never commit real secrets.

Do not store secrets in:

  • .polter/config.json
  • renderer localStorage
  • command logs
  • checked-in docs or screenshots

Use .env.example for non-secret local diagnostics only. When a secret becomes required, document it in .env.example by variable name with a placeholder value, never with a real value.

Current Gaps

  • No root security contact is configured.
  • No production signing or notarization process is configured.
  • No Polter-specific authentication or authorization model exists.
  • No durable audit log exists.
  • No full secret redaction system was identified.

See docs/security.md for the detailed security notes.

There aren't any published security advisories