Security.
Schema is built local-first. The default deployment runs on your laptop and reads only the directories you explicitly allow.
Filesystem boundary
All FS-backed APIs (extract, ops, file viewer) reject any path that doesn't resolve under an allow-listed root. The list is configured via SCHEMA_ALLOW_ROOTS; production deployments require SCHEMA_ALLOW_FS=1 to enable any FS endpoint at all.
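One way such a containment check can be written, as an added example that is not Schema's own code: it canonicalizes the requested path before comparing it to the roots, so "..", sibling directories sharing a prefix, and symlinks leaving a root are all rejected. The function names, the production parameter and the os.pathsep separator for SCHEMA_ALLOW_ROOTS are assumptions; the directory tree is constructed for the demo.

```python
import os
import tempfile
from pathlib import Path


def parse_roots(env):
    """Canonical roots from SCHEMA_ALLOW_ROOTS (os.pathsep separator is an assumption)."""
    raw = env.get("SCHEMA_ALLOW_ROOTS", "")
    return [Path(p).resolve() for p in raw.split(os.pathsep) if p.strip()]


def check_path(requested, env, production=False):
    """Return the canonical path if it lies under an allow-listed root, else raise."""
    # Gate from the page: production needs SCHEMA_ALLOW_FS=1 for any FS endpoint.
    if production and env.get("SCHEMA_ALLOW_FS") != "1":
        raise PermissionError("filesystem endpoints are disabled")
    # resolve() collapses ".." and follows symlinks, so the real target is checked.
    real = Path(requested).resolve()
    for root in parse_roots(env):
        # Component-wise test: /data/projects-old is not under /data/projects.
        if real == root or root in real.parents:
            return real
    raise PermissionError(f"{requested} is outside the allow-listed roots")


def verdict(path, env, production=False):
    try:
        check_path(path, env, production)
        return "allowed"
    except PermissionError:
        return "rejected"


def demo():
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        base = Path(tmp).resolve()
        root, sibling = base / "projects", base / "projects-old"
        root.mkdir()
        sibling.mkdir()
        (root / "a.txt").write_text("ok")
        (sibling / "secret.txt").write_text("no")
        os.symlink(sibling / "secret.txt", root / "link.txt")  # link leaving the root
        env = {"SCHEMA_ALLOW_ROOTS": str(root)}
        return {
            "inside": verdict(root / "a.txt", env),
            "dotdot": verdict(root / ".." / "projects-old" / "secret.txt", env),
            "prefix": verdict(str(root) + "-old/secret.txt", env),
            "symlink": verdict(root / "link.txt", env),
            "prod_no_flag": verdict(root / "a.txt", env, production=True),
        }
```

A caller should open the canonical path that check_path returns rather than the original request string, so the file that was checked is the file that is read.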
LLM key handling
API keys (Gemini, Anthropic) are forwarded per-request from the browser to the server, never persisted server-side. The browser stores them in localStorage at your discretion.
GitHub clone cache
When you import a GitHub repo, we clone into a per-user cache directory (default <tmp>/schema-clones; configurable via SCHEMA_CLONE_CACHE_DIR). Tokens are scrubbed from the origin URL after cloning so no credential ever lands on disk.
Disclosure
Found a vulnerability? Please email security@schema.dev before opening a public issue. We aim to respond within 72 hours.
This page is a placeholder; the formal security policy and a coordinated-disclosure SLA are in flight.