CLI Pulse touches local credentials and AI provider APIs, so security and privacy are explicit product goals. This page tells you how to report a vulnerability and summarizes how user data is handled. The full privacy policy is on privacy.html.
Reporting vulnerabilities
If you believe you've found a security or privacy issue in CLI Pulse, please report it privately first.
Preferred details: affected platform (macOS / iOS / watchOS / Android / backend), affected version (Settings → About), reproduction steps and impact, any logs or stack traces.
Please do not open a public GitHub issue for unfixed security vulnerabilities. Public issues are appropriate for general bug reports and feature requests.
We aim to:
acknowledge new reports within 3 business days
provide an initial assessment within 7 business days
ship a fix or documented mitigation within 30 days for high-severity issues, with timeline updates if more time is needed
Responsible disclosure
Please give us a reasonable window (typically 30 days, longer for complex issues) to ship a fix before publishing.
If the issue is being actively exploited, tell us in the first email so we can prioritize.
We will credit reporters in the release notes when a fix ships, unless the reporter prefers anonymity.
Provider API keys are not uploaded to CLI Pulse servers. They live only in the device's secure store (macOS / iOS Keychain, Android EncryptedSharedPreferences) and are used directly against the provider's API.
Provider session cookies are not uploaded to CLI Pulse servers. They are handled the same way as API keys: stored only in the device's secure store and sent directly to the provider's API.
Bridged provider OAuth tokens read from local files such as ~/.codex/auth.json, ~/.claude/.credentials.json, and ~/.gemini/oauth_creds.json stay on the device.
Raw session-log contents under ~/.codex/sessions/ and ~/.claude/projects/ are scanned on-device only, after the user grants folder access via security-scoped bookmarks. The file contents never leave the device.
The data CLI Pulse syncs to your account is intentionally limited to aggregated metrics and operational metadata. See data-handling.html.
Credential handling
Storage: macOS Keychain, iOS Keychain, AndroidX EncryptedSharedPreferences. All are encrypted at rest by the OS and unlocked alongside the user account.
Transport to providers: TLS 1.2+ direct from the user's device to the provider's API. Provider credentials do not transit CLI Pulse infrastructure.
Transport to CLI Pulse Sync: TLS 1.2+ to Supabase, with per-account authorization.
App Sandbox (com.apple.security.app-sandbox) is enabled on the Apple platforms. File access outside the app container requires user-granted security-scoped bookmarks.
Local helper
CLI Pulse for Mac uses a local helper component to perform on-device collection. The helper:
runs only on the user's Mac
reads only the local session-log paths the user has granted access to
communicates with the main app over a local IPC channel
shares Keychain items with the main app via the app group, not the network
can be disabled by the user; background sync can also be turned off
The helper does not phone home with raw credentials, raw cookies, or raw session-log contents. Its uploads are limited to the metric and metadata categories described in data-handling.html.
Remote sync
Account-based via Supabase Auth.
Server-side encryption at rest (AES-256) on the database and storage backing each account.
TLS 1.2+ in transit.
No third-party product-analytics SDK ships with CLI Pulse. Sentry is used for crash reports only and runs through a local beforeSend scrubber that removes API keys, OAuth tokens, JWTs, Bearer headers, /Users/<name> paths, and any field whose name contains common sensitive fragments before the event leaves the device. Performance tracing is disabled (tracesSampleRate = 0).
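The scrubbing step described above, as an added illustration that is not CLI Pulse's own code: it assumes the shape of Sentry's JavaScript SDK hook (beforeSend receives the event and returns the scrubbed event, or null to drop it), and the key fragments, value patterns and sample event are constructed for the example.

```javascript
// Added example of a Sentry-style beforeSend scrubber (not CLI Pulse's own implementation).
// Assumes the JS SDK hook shape: beforeSend(event, hint) -> event to send, or null to drop it.

// Any field whose name contains one of these fragments is redacted regardless of its value.
const SENSITIVE_KEY_FRAGMENTS = [
  "token", "secret", "password", "apikey", "api_key", "cookie", "authorization", "credential",
];

// Value patterns redacted wherever they appear inside string fields.
const VALUE_PATTERNS = [
  /Bearer\s+[A-Za-z0-9\-._~+/]+=*/g,                        // "Bearer <token>" header values
  /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g,   // JWTs: three base64url segments
  /\/Users\/[^/\s]+/g,                                     // macOS /Users/<name> home paths
];

function scrubString(s) {
  return VALUE_PATTERNS.reduce((acc, re) => acc.replace(re, "[REDACTED]"), s);
}

function isSensitiveKey(key) {
  const k = key.toLowerCase();
  return SENSITIVE_KEY_FRAGMENTS.some((frag) => k.includes(frag));
}

// Walks the event recursively: sensitive key names are redacted whole,
// strings are pattern-scrubbed, arrays and objects are descended into.
function scrubValue(value, key = "") {
  if (isSensitiveKey(key)) return "[REDACTED]";
  if (typeof value === "string") return scrubString(value);
  if (Array.isArray(value)) return value.map((v) => scrubValue(v));
  if (value && typeof value === "object") {
    return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, scrubValue(v, k)]));
  }
  return value;
}

// Wire this as `beforeSend` in the SDK options (alongside tracesSampleRate: 0).
function beforeSend(event /* , hint */) {
  return scrubValue(event);
}

// Constructed sample crash event containing each category the scrubber targets.
const sampleEvent = {
  message: "request failed for /Users/alice/.codex/auth.json",
  request: { headers: { Authorization: "Bearer abc123.def456" } },
  extra: { providerApiKey: "sk-constructed-example", note: "jwt eyJhbGciOi.eyJzdWIi.sig" },
};
```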
User controls
Disable background sync / helper: Settings → General on macOS; Settings → Sync on the mobile clients.
Revoke folder access: Settings → CLI Tool Access → remove the bookmark for that directory.
Delete API keys: Settings → Providers → remove a provider.
Delete account: Settings → Account → Delete Account. Cascading deletes remove all associated rows within 30 days.
Out of scope
Third-party AI providers' own APIs and their data handling — refer to the provider's own policies.
Third-party platforms (Apple App Store, Google Play, Supabase) and the security of their own infrastructure.