Security

Security-sensitive by default.

HyperYap handles microphone, clipboard, shortcut, local API, and optional LLM endpoint behavior. Changes in these areas must preserve the project privacy and security boundary.

Important boundaries

  • No open CORS for the local API.
  • No telemetry or hidden analytics.
  • No remote processing unless explicitly configured by the user.
  • No plaintext API keys in exported settings files.

Report a vulnerability

Use the repository security policy for responsible disclosure and current supported versions.

Open SECURITY.md