Loft moves files to the macOS Trash and walks user directories. We take this seriously and welcome reports of any issue that could lead to unintended file loss, permission escalation, or data exposure.
This project is pre-1.0. The latest commit on main is the only supported version.
Please do NOT open a public GitHub issue for security reports.
Email the maintainer instead: alden@daangn.com
Include:
- A short description of the issue and its impact.
- Steps to reproduce (a minimal repro is hugely helpful).
- The Loft commit hash and your macOS version.
- Any relevant logs from
~/Library/Logs/Loft/operations.log. - Whether you've shared this with anyone else.
We'll acknowledge within a few business days and work with you on a fix.
Roughly, anything that could violate user trust:
- A code path that could delete a file the user didn't select.
- A scanner that could read paths outside its declared scope.
- A trash / log path that could be redirected by an unprivileged caller.
- Anything in
PromptBuilderorLLMRouterthat could leak sensitive paths via the generated prompt or URL in a way the user wouldn't expect. - Crashes on hostile-but-plausible file system inputs (symlink loops, deeply nested directories, malformed names).
Non-security bugs (a wrong size, a UI glitch, slowness) are normal issues — please file those publicly.
We aim to ship a fix before discussing the issue publicly. Once a fix lands, we'll credit the reporter (or keep them anonymous, whichever they prefer) in the changelog and release notes.
Thank you for helping keep Loft trustworthy.