Security Policy
Supported versions
The project is pre-1.0. Until v1.0.0 ships, only the latest minor receives security updates.
| Version | Supported |
|---|---|
| latest | yes |
| older | no |
Reporting a vulnerability
Do not open a public issue for security vulnerabilities.
Report privately by emailing johnny.iv.young@gmail.com with the subject line [security] electron-stagewright.
Please include:
- A description of the vulnerability and its potential impact.
- Steps to reproduce, or proof-of-concept code.
- Affected version(s).
- Your suggested remediation, if any.
You'll receive an acknowledgment within 5 business days. We aim to provide a disclosure timeline within 14 days of acknowledgment.
Disclosure policy
We follow coordinated disclosure:
- Confirm the vulnerability and assess severity.
- Develop a fix in a private fork or branch.
- Coordinate a release date with the reporter.
- Publish a security advisory via GitHub Security Advisories (with CVE if applicable).
- Credit the reporter in the advisory unless they prefer to remain anonymous.
Threat model
The full threat model — assets, trust boundaries, threats and their mitigations, and the residual risks — is published at docs/guides/security-model.md, and the overall posture is recorded in ADR-014.
In one line: the server is a privileged local tool, not a sandbox. It runs with your OS privileges and, under --allow-eval, executes arbitrary JavaScript in the app under test, so only a trusted agent host should invoke it — over the default local stdio transport. Key concerns:
electron_eval_main/electron_eval_rendererallow arbitrary JS in the app. They are default-deny (unregistered without--allow-eval) with a keyword blocklist and a result cap; the blocklist is defence-in-depth, not a complete control.- The
productionplugin reads signed.appbundles and updater feeds. It may return bounded local evidence such as a signing authority in the tool result, but it does not upload that data anywhere. - The
traceplugin writes session artifacts to disk, and theipcplugin returns captured channel payloads to the agent; configureredactfor structured argument/payload fields, and treat screenshots, console output, and tool results as sensitive.
See the threat model for the full analysis and a deployment checklist.