todos.md — Security & Privacy (v0.1.0)

Principles

• Content-only operations (no shell exec). Human-in-the-loop diffs for all writes.
• Least privilege for file access (repo-root allowlist) and API tokens (org/project scopes).

Local (CLI/MCP)

• Path allowlist; respects .gitignore for scans.
• todos doctor validates duplicate ids, missing deps, and malformed tokens.
• Session discovery is opt-in and path-scoped; no external uploads.
• Telemetry is opt-in (TODOS_TELEMETRY=0|1) and never includes task content.

Hosted API

• Token scopes: read:plan, write:plan, admin:org, billing:read.
• ETags + If-Match for concurrency control; Idempotency-Key for safe retries.
• Encrypted storage, regular backups; audit log of all changes.

Threat Considerations

• Supply chain: lockfile enforcement; pinned base images; SCA scanning.
• SSRF/LFI/RCE: no remote fetch in core ops; no template “actions”.
• Multi-tenancy: org_id/project_id scoping checked on every request.

Responsible Disclosure

• Report vulnerabilities to security@todos.md. Please include reproduction steps and environment details.