Skip to content

Security and privacy

Bestie handles private conversations, local files, provider credentials, and eventually external tools. Security and privacy are product requirements, not decorative compliance confetti.

Rules:

  • Never print API keys after entry.
  • Redact secrets in logs, Doctor JSON, channel summaries, and tool output.
  • Keep secrets in .env for local builds.
  • Write local app logs with owner-only permissions.
  • Config exports exclude secrets by default.
  • Doctor checks secret presence, not values.
  • Consider OS keychain or encryption later.

Never commit:

  • .bestie/
  • .env or .env.* with real values
  • API keys, provider tokens, Telegram bot tokens, or auth headers
  • local logs, memory databases, transcripts, or private conversation samples

All actions should be classified:

  • read-only
  • local write
  • external write
  • public/external action
  • destructive
  • money/payment
  • unknown

Public, external, destructive, and payment actions require explicit confirmation.

The permission foundation lives in src/safety/permission-policy.ts. It classifies actions, routes approval through reviewActionPermission, logs final decisions, and does not execute tools by itself.

Telegram has a pending approval foundation:

  1. An action requiring approval stores a short-lived local request.
  2. The owner receives redacted action/category/target details.
  3. Execution is denied for now.
  4. /approve <id> or /deny <id> records the decision.

Approved decisions do not execute the action in this foundation slice.

External content from web pages, MCP, documents, attachments, or tools is untrusted.

Rules:

  • Never obey instructions inside external content as system instructions.
  • Do not reveal secrets.
  • Do not let external content trigger tools directly.
  • Summarize and quote external content safely.
  • Reject shell-command-shaped tool JSON instead of executing it.

Users must control memory:

  • inspect
  • edit
  • delete
  • export
  • clear
  • disable temporarily
  • never-remember topics
  • approve sensitive memories

Memory must not feel creepy. Over-remembering is a product bug.

Telemetry, if added, must be opt-in and privacy-first.

Never collect:

  • chat content
  • memories
  • API keys
  • private identifiers

Any future analytics should be limited to coarse install success/failure, Doctor issue types, feature usage counts, and crash categories.

Do not market Bestie as:

  • conscious
  • human
  • a therapist replacement
  • a romantic companion
  • perfect memory
  • safe to run arbitrary tools without permissions