Munder Difflin is a local-first desktop app. It spawns local processes in PTYs and reads/writes files under directories you register. It opens no network listeners beyond a local Unix domain socket used for the in-app hook server, and has no auth or remote surface by design.

This is an early prototype. Security fixes target the main branch only.

Please do not open a public issue for security problems.

• Use GitHub's private vulnerability reporting: the Security → Report a vulnerability tab on https://github.com/chaitanyagiri/munder-difflin, or
• Email girichaitanya11@gmail.com with a description, reproduction steps, and impact.

You can expect an acknowledgement within a few days. Once a fix is available we'll credit you (unless you prefer to stay anonymous).

• Renderer ↔ main IPC goes through a typed contextBridge (window.cth); the renderer has no direct Node access (nodeIntegration: false, contextIsolation: true).
• All fs:* / git:* IPC calls are sandboxed and path-validated in the main process, rooted at an agent's working directory.
• The hive commits to a local git repo from a single committer (the main process); agents only write plain files.