Skip to content

feat: harden local privacy defaults#15

Merged
jb-thery merged 1 commit into
mainfrom
feat/privacy-hardening
Jun 28, 2026
Merged

feat: harden local privacy defaults#15
jb-thery merged 1 commit into
mainfrom
feat/privacy-hardening

Conversation

@jb-thery

@jb-thery jb-thery commented Jun 28, 2026

Copy link
Copy Markdown
Member

Summary

  • add local-only Ollama network policy by default
  • redact common sensitive identifiers before indexing
  • add metadata-only access logs and security-audit reporting
  • add destroy-index command for generated vector storage removal
  • harden MCP with bounded retrieval and security audit tool
  • generate release verification artifacts: npm tarball, SHA256SUMS, CycloneDX SBOM, manifest
  • document threat model, air-gapped operation, zero telemetry, MCP hardening, RBAC limits, and secure deletion limits
  • bump package to 0.3.0

Validation

  • pnpm validate
  • shasum -a 256 -c SHA256SUMS in release-artifacts/
  • node dist/cli.js security-audit --json
  • node dist/cli.js destroy-index refuses deletion without --yes

@jb-thery jb-thery merged commit 82fd9d8 into main Jun 28, 2026
5 checks passed
@jb-thery jb-thery deleted the feat/privacy-hardening branch June 28, 2026 14:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jb-thery