Trust boundaries you can point to.
Security in vecterm is a set of concrete decisions — not a wall of badges. Here's what those decisions are.
Local-first architecture
Your connections, sessions, and history live on your device. Cloud features are opt-in and clearly labeled.
Keychain-backed credentials
Secrets stay in macOS Keychain. vecterm references them; it does not store plaintext credentials on disk.
Touch ID gating
Sensitive actions — like exposing a secret — require an explicit biometric confirmation.
Explicit host verification
Every first-time host is confirmed by fingerprint. Mismatched keys block the connection and surface a clear diff.
Redacted logs by default
Command output can be redacted from history. Redacted content never syncs, exports, or ships to a third party.
Clear trust boundaries
Every network boundary is visible in the UI. You always know what leaves your device and why.
- ✓ Stores credentials in the platform keychain
- ✓ Verifies every host by fingerprint
- ✓ Keeps session history on-device by default
- ✓ Signs its own release binaries
- — No silent transmission of terminal output to third parties
- — No forced cloud dependency to use the product
- — No fabricated compliance badges or unverifiable claims
- — No blanket "military-grade" marketing language
A formal security overview, dependency posture, and disclosure process will be published alongside general availability.