Security
CrispyVibe is code-signed and notarized by Apple. All updates are verified with EdDSA signatures via Sparkle before installation.
Workspace integrity
- VibeSpace and project config files are HMAC-SHA256 signed
- If a config file is modified outside the app, CrispyVibe detects tampering on next load
- Tampered configs: the VibeSpace still opens (name, projects, colors visible) but startup commands are disabled
- A non-dismissable alert identifies the affected VibeSpace
- To restore: open VibeSpace Settings, review the configuration, and save (this re-signs the file)
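The load-time behaviour in the list above, as an added Python example that is not CrispyVibe's own code. The envelope layout, the field names (`startup_commands`, `hmac_sha256`) and the key are assumptions made for illustration; the page states that the real signing keys live in the macOS Keychain.

```python
import hashlib
import hmac
import json

# Constructed key for this example only (assumption; not a real secret).
EXAMPLE_KEY = b"constructed-example-key"

# Constructed sample config; field names are assumptions for this example.
SAMPLE = {"name": "demo", "projects": ["api"], "color": "#ff8800",
          "startup_commands": ["npm run dev"]}


def canonical_bytes(config: dict) -> bytes:
    """Serialize deterministically so equal configs always produce the same MAC."""
    return json.dumps(config, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_config(config: dict, key: bytes) -> dict:
    """Build the on-disk envelope: the config plus its HMAC-SHA256 tag in hex."""
    tag = hmac.new(key, canonical_bytes(config), hashlib.sha256).hexdigest()
    return {"config": config, "hmac_sha256": tag}


def load_config(envelope: dict, key: bytes) -> dict:
    """Verify the tag; on mismatch keep display fields but disable startup commands."""
    config = dict(envelope.get("config", {}))
    expected = hmac.new(key, canonical_bytes(config), hashlib.sha256).hexdigest()
    stored = envelope.get("hmac_sha256")
    # A missing or non-string tag counts as tampering; compare in constant time.
    tampered = not (isinstance(stored, str)
                    and hmac.compare_digest(expected.encode(), stored.encode()))
    if tampered:
        # The workspace still opens, but nothing executable is trusted.
        config["startup_commands"] = []
    return {"config": config, "tampered": tampered}


def resave(reviewed_config: dict, key: bytes) -> dict:
    """Saving from settings after review re-signs the file."""
    return sign_config(reviewed_config, key)
```

The tag covers the whole config, so an edit to any field outside the app (not only the commands) puts the workspace into the degraded state until it is reviewed and saved again.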
Credential storage
- HMAC signing keys stored in macOS Keychain (scoped to app bundle ID)
- Authentication tokens (Cognito) stored in data-protection Keychain with afterFirstUnlockThisDeviceOnly accessibility
- SSH keys: key-based authentication only (no password auth); keys managed by system ssh-agent
SSH remote security
- Host key validation via ssh-keygen against known_hosts
- ControlMaster multiplexing with BatchMode=yes (no interactive prompts)
- File operations enforce project root boundary — attempts to escape return permission denied
Agent CLI security
- The control socket is owner-only (0600) — only processes running as the same local user can connect
- All file commands enforce project root boundary (including symlink resolution)
- Separate app instances use isolated sockets, preventing cross-instance access
- On remote (SSH) projects, the CLI is relayed over the SSH connection (per-connection opt-in); the forwarded socket is owner-only on the remote host
Terminal Insights
Terminal Insights validates screen visibility before recording input. When you type at a hidden prompt (sudo, ssh, read -s, GPG passphrase), the terminal disables echo — the typed text never appears in the render buffer and is never captured in command history or context summaries.
Reporting vulnerabilities
Email hello@crispyvibe.com. Do not open public issues for security vulnerabilities. Response within 48 hours.
🚨 Warning: Do not sign into sensitive accounts in browser panels shared with AI agents. Agents with browser access can read cookies and storage via eval.
Threat models
Each feature has a published threat model documenting attack vectors, impact assessments, and mitigations:
| Area | Threat model |
|---|---|
| Terminal Sessions | terminal/sessions-and-tabs |
| Terminal Insights | terminal/context-summary |
| Scroll Assist | terminal/scroll-assist |
| Agent CLI | platform/agent-cli |
| Browser | platform/browser |
| SSH Remote | remote/ssh-remote |
| Remote Agent CLI | remote/remote-agent-cli |
| Authentication | platform/authentication |
| File Explorer | explorer/file-explorer |
| AI Agents (ACP) | ai-agents/acp |
| VibeCast | ai-agents/vibecast |
| App Updates | platform/app-updates |