Review the current local security model, safe probes, secret storage, desktop telemetry posture, and the v1 licensing behavior.
- Vault model and secret storage
- Safe probe boundaries
- Desktop telemetry posture
- Trial, activation, offline grace, and restricted mode
Applies to
Windows, macOS, Linux
Covers
Security, Licensing, Setup
Security, vault, and licensing
Vault model
The vault is the operational gate for the app.
While locked:
- scans stay non-operational
- sensitive workflows stay gated
- the app can still expose safe local context without pretending it is fully active
Secret storage
Cloudflare secrets belong in OS-backed storage.
The intended split is:
- secrets in the platform secret store
- workspace metadata in local app data
- exports and diagnostics redacted before they leave the runtime
Safe probe boundaries
By default, probe activity is limited to:
- public DNS
- TLS verification
- non-destructive HTTP verification
Licensing behavior
The v1 licensing model is desktop-native:
- checkout and license lifecycle come from Lemon Squeezy
- the app caches normalized license state locally
- caps and feature flags are enforced in the desktop runtime
Offline grace
The current offline grace window is 7 days. After grace expiry, the app should enter restricted mode while local data remains visible.
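The offline-grace rule above can be written as a small decision function over the cached license state. This is an added example, not the product's own code; the `CachedLicense` shape, the `"active"` status value, the 5-minute clock-skew tolerance, and the fail-closed handling of a missing cache or a backwards clock are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional

GRACE_WINDOW = timedelta(days=7)    # offline grace window stated on this page
CLOCK_SKEW = timedelta(minutes=5)   # assumed tolerance, not from the page


class Mode(Enum):
    ACTIVE = "active"
    OFFLINE_GRACE = "offline_grace"
    RESTRICTED = "restricted"       # local data stays visible in every mode


@dataclass(frozen=True)
class CachedLicense:                # hypothetical shape of the cached state
    status: str                     # "active" is an assumed normalized value
    last_validated: datetime        # timezone-aware UTC, last online success


def effective_mode(cache: Optional[CachedLicense], now: datetime,
                   online_check_ok: bool) -> Mode:
    """Decide the runtime mode from cached license state; fails closed."""
    if cache is None or cache.status != "active":
        return Mode.RESTRICTED
    if online_check_ok:
        return Mode.ACTIVE
    age = now - cache.last_validated
    if age < -CLOCK_SKEW:
        # Cache claims a validation in the future: the clock moved backwards,
        # so the age cannot be trusted. Assumed policy: restrict.
        return Mode.RESTRICTED
    return Mode.OFFLINE_GRACE if age <= GRACE_WINDOW else Mode.RESTRICTED


# Constructed sample data, not real license records.
NOW = datetime(2025, 1, 10, 12, 0, tzinfo=timezone.utc)
SAMPLES = {
    "validated 2 days ago": CachedLicense("active", NOW - timedelta(days=2)),
    "validated 8 days ago": CachedLicense("active", NOW - timedelta(days=8)),
    "clock rolled back": CachedLicense("active", NOW + timedelta(days=3)),
    "expired license": CachedLicense("expired", NOW - timedelta(hours=1)),
}

if __name__ == "__main__":
    for label, cache in SAMPLES.items():
        print(f"{label:22} -> {effective_mode(cache, NOW, False).value}")
```

Because the decision depends on the local clock and a locally cached timestamp, the cached state is worth integrity-protecting alongside the other secrets rather than storing as plain app data.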