LocalPilot is designed with security, safety, and trust as first‑class concerns. This document explains the security model, threat assumptions, and responsible disclosure process.
LocalPilot follows a defensive-by-design approach:
- LLMs are never trusted with direct file modifications
- All changes are validated using Git before application
- Unsafe or ambiguous operations fail closed, not open
If LocalPilot cannot prove a change is safe, it will not apply it.
- LLM hallucinated or malformed code
- Incorrect file targeting
- Partial or corrupt patch application
- Accidental developer mistakes
- Concurrent file modification during refactor
- Malicious local users with direct filesystem access
- Compromised Git binaries
- OS-level attacks
LocalPilot enforces three hard guarantees:
- All diffs are system-generated
- File paths are validated and normalized
- Multi-file patches are rejected
- All patches are checked using `git apply --check`
- Invalid patches are never applied
- No refactor is applied without developer confirmation
- No background or silent writes
When a security condition fails:
- The operation is aborted
- The repository remains unchanged
- The developer is notified with context
There are no partial writes.
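
An added example, not LocalPilot's own code, of how the gates described above can be combined so that any failure aborts before a write: the single-file rule, path normalization, and `git apply --check`. The function names, the `PatchRejected` exception and the sample patch are assumptions made for illustration.

```python
import os
import subprocess

class PatchRejected(Exception):
    """Raised whenever a patch cannot be proven safe (fail closed)."""

def patch_targets(patch_text):
    """Collect file paths from the ---/+++ headers of a unified diff."""
    targets = set()
    for line in patch_text.splitlines():
        if line.startswith(("--- ", "+++ ")):
            path = line[4:].split("\t")[0].strip()
            if path != "/dev/null":
                # Drop the a/ or b/ prefix that git puts on header paths.
                targets.add(path[2:] if path[:2] in ("a/", "b/") else path)
    # A removed line that itself begins with "-- " also matches here; that can
    # only add targets, so the error is towards rejection, never acceptance.
    return targets

def resolve_in_repo(repo_root, rel_path):
    """Normalize rel_path and require that it stays inside repo_root."""
    root = os.path.realpath(repo_root)
    full = os.path.realpath(os.path.join(root, rel_path))  # follows symlinks
    if os.path.isabs(rel_path) or os.path.commonpath([root, full]) != root:
        raise PatchRejected(f"path escapes repository: {rel_path!r}")
    return full

def check_patch(repo_root, patch_text):
    """Raise PatchRejected unless every gate passes; never writes to disk."""
    targets = patch_targets(patch_text)
    if len(targets) != 1:
        raise PatchRejected(f"need exactly one target file, got {sorted(targets)}")
    target = next(iter(targets))
    resolve_in_repo(repo_root, target)
    try:
        proc = subprocess.run(["git", "apply", "--check", "-"], cwd=repo_root,
                              input=patch_text, text=True,
                              capture_output=True, timeout=30)
    except (OSError, subprocess.SubprocessError) as exc:
        raise PatchRejected(f"git could not be run: {exc}") from exc
    if proc.returncode != 0:
        raise PatchRejected(proc.stderr.strip() or "git apply --check failed")
    return target

# Constructed sample: one patch naming two files, which must be rejected.
MULTI_FILE_PATCH = "".join(
    f"--- a/{n}\n+++ b/{n}\n@@ -1 +1 @@\n-x = 1\n+x = 2\n" for n in ("app.py", "util.py"))
```

A missing `git` binary, a timeout, or a nonexistent working directory all surface as `PatchRejected`, so the caller has a single failure path and the repository is untouched on every one of them.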
Recommended security validation:
- Run LocalPilot only inside Git repositories
- Use version control hooks if needed
- Review diffs before applying
Future plans include:
- Read-only / dry-run modes
- CI enforcement workflows
If you discover a security vulnerability:
- Do not open a public issue
- Contact the maintainer privately
- Provide:
  - Description of the issue
  - Steps to reproduce
  - Impact assessment
Security issues are treated with priority.
LocalPilot is built for engineers who value correctness over convenience.
Security is not a feature — it is the foundation.