Skip to content

Latest commit

 

History

History
38 lines (29 loc) · 2.02 KB

File metadata and controls

38 lines (29 loc) · 2.02 KB

Security Policy

LodeDB is a local-first, in-process library: it runs inside your own application, stores its index on local disk, and makes no outbound network calls except a one-time Hugging Face download of embedding-model weights. There is no hosted LodeDB service to attack remotely — the security surface is the library running on your machine.

Reporting a vulnerability

Please report security issues privately — do not open a public GitHub issue.

We aim to acknowledge a report within 5 business days and to share a remediation timeline after triage. Please give us a reasonable window to ship a fix before public disclosure; we're happy to credit reporters who want it.

Supported versions

LodeDB is pre-1.0. Security fixes target the latest released 0.x version only. Pin a version and watch releases until a stable line is published.

Scope and operational notes

  • The bundled dev server (lodedb serve) is unauthenticated. It binds to loopback by default and may intentionally bind to a private/RFC1918 address for trusted-LAN use, but must not be exposed to public or untrusted networks. The MCP server (lodedb mcp) runs over stdio and inherits the local process boundary.
  • Original document text is retained by default in a local .tvtext sidecar. Treat that directory as sensitive, or open the database with store_text=False to keep no text on disk. See docs/architecture.md for the persistence / payload boundary.
  • The vendored TurboVec core under third_party/turbovec/ is upstream MIT code. Issues specific to upstream TurboVec are best reported to that project, but feel free to flag anything you find through the channels above and we'll help coordinate.