Security

Callipso is local-first. Your voice, your code, your session data stays on your machine. No cloud processing, no telemetry of session content, no third-party access to your work.

Core Principles

Local-first

Voice transcription, session data, and terminal communication never leave your machine unless you enable fleet mode.

Encrypt by default

Sensitive data is encrypted at rest using AES-256-GCM with keys stored in the OS keychain.

Validate at every boundary

Every IPC channel, HTTP endpoint, and shell command is validated and rate-limited independently.

Encryption at Rest

Session transcripts, voice summaries, and cached data are encrypted using AES-256-GCM with 256-bit keys. Each data domain uses a separate derived key so that compromise of one does not affect others.

  • AES-256-GCM authenticated encryption
  • Domain-separated key derivation
  • Master key in macOS Keychain / Windows Credential Manager
  • Atomic file writes with owner-only permissions

Process Isolation

The renderer runs in a fully sandboxed process. It cannot access the file system, spawn processes, or use Node.js APIs. All communication goes through validated IPC channels.

  • Context isolation enabled
  • OS-level sandbox enabled
  • Node integration disabled
  • Navigation and window-open blocked

IPC and HTTP Hardening

Every IPC channel is registered in a central allowlist. The HTTP server binds to localhost only, with URL-parsed CORS, security headers, request size limits, and per-IP rate limiting.

  • Central channel allowlist with preload validation
  • Per-channel rate limiting by sensitivity tier
  • Localhost-only HTTP binding
  • CSP, X-Frame-Options, and referrer policy headers

Voice Privacy

Speech-to-text runs entirely on your device using CoreML (Apple Neural Engine) or Parakeet (local MLX inference). Audio is never sent to a cloud service. Recordings are processed in memory.

  • On-device STT inference only
  • No cloud audio processing
  • No audio storage after transcription
  • Microphone access requires explicit macOS permission

Fleet Mode Security

When fleet mode is enabled for multi-machine orchestration, all communication is authenticated and encrypted with per-peer keys. Messages include tamper detection and replay protection.

  • Timing-safe token authentication
  • Per-peer AES-256-GCM payload encryption
  • HMAC message authentication
  • Replay protection with message expiry

Shell and Input Safety

All shell commands use argument arrays instead of string interpolation to prevent injection. User-facing content is escaped before rendering. Auth tokens are stored in the OS keychain.

  • No shell string interpolation
  • Dedicated sanitization for session IDs and paths
  • HTML escaping on all user-controlled content
  • Terminal input control character stripping

Code Signing and Notarization

Every production build is signed with an Apple Developer certificate and submitted for Apple notarization. macOS Gatekeeper verifies the signature on first launch. The hardened runtime flag enforces code integrity, and entitlements are scoped to exactly what the app requires: microphone access, network communication, and Apple Events for terminal automation.

Frequently Asked Questions

Does Callipso send my data to the cloud?

No. Voice transcription runs on your machine. Session data stays on your machine. The only network calls are authentication (Google/GitHub OAuth) and optional fleet mode on your local network. There is no telemetry server that receives session content.

How is session data encrypted?

Sensitive fields in session archives are encrypted using AES-256-GCM. The encryption key is generated on first launch and stored in the macOS Keychain (or Windows Credential Manager) via Electron's safeStorage API. Each data category uses a separate derived key.

Can a compromised plugin access my files?

No. The renderer runs in a sandboxed process with Node.js integration disabled and context isolation enabled. It can only communicate with the main process through validated IPC channels. File system access is restricted to specific handlers that validate paths.

How is fleet mode secured?

Fleet mode uses token authentication with timing-safe comparison, per-peer payload encryption, message authentication, and replay protection. The HTTP server requires authentication on every fleet request.

How do I report a security issue?

Email security@callipso.dev. We take all reports seriously and will respond within 48 hours.

For details on data collection and usage, see our Privacy Policy. For terms of use, see our Terms of Service.