This document explains how to report security issues and what users should know about MeadowPy's local AI behavior.
MeadowPy is under active development. Security fixes should target the current active codebase unless a specific older version is being maintained.
If you are unsure whether your version is supported, report the issue with the version or source snapshot you are using.
Do not post sensitive security details publicly if the issue could put users at risk.
When reporting a security issue, include:
- A clear summary of the issue.
- Steps to reproduce, if safe to share.
- The affected MeadowPy version or commit.
- Windows version.
- Python version.
- Whether Ollama or AI features are involved.
- Whether the issue can expose, modify, or delete user files.
- Whether the issue requires opening a malicious file or project.
Avoid including:
- Private source code.
- API keys.
- Credentials.
- Personal files.
- Full logs if they contain private paths or code.
MeadowPy's built-in AI integration is designed to use a local Ollama server. The default API URL is:
http://localhost:11434
With the default URL, MeadowPy sends prompts to the Ollama process running on the user's own machine.
Prompts may include:
- Selected code.
- Current file text for full-file review.
- Current filename.
- Cursor line.
- Enclosing function or class name.
- Runtime error text.
- Lint issue text and nearby code context.
Important limits:
- MeadowPy cannot verify what a custom Ollama-compatible endpoint does.
- If the Ollama API URL is changed to a remote server, prompt text may leave the user's machine.
- Installed Ollama models are managed outside MeadowPy.
- AI-generated code should be reviewed before it is run.
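One way to check whether a configured Ollama API URL keeps prompts on the local machine, as an added example (not MeadowPy's own code). The function names are hypothetical, and the non-default URLs in the tests are constructed samples.

```python
import ipaddress
from urllib.parse import urlsplit

DEFAULT_URL = "http://localhost:11434"  # default API URL stated in this document


def classify_ollama_url(url: str) -> str:
    """Return 'loopback', 'remote' or 'invalid' for a configured API URL."""
    try:
        parts = urlsplit(url.strip())
        # .hostname is lower-cased, with userinfo ("user@") and port removed,
        # so "http://localhost@host.example" is judged by host.example.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "invalid"
    if parts.scheme not in ("http", "https") or not host:
        return "invalid"
    # RFC 6761 reserves "localhost" and its subdomains for loopback.
    if host == "localhost" or host.endswith(".localhost"):
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Any other name is treated as remote without a DNS lookup:
        # a conservative choice, since the name could point anywhere.
        return "remote"
    mapped = getattr(ip, "ipv4_mapped", None)  # e.g. ::ffff:127.0.0.1
    if mapped is not None:
        ip = mapped
    # 0.0.0.0 and LAN addresses are not loopback and count as remote.
    return "loopback" if ip.is_loopback else "remote"


def prompts_may_leave_machine(url: str) -> bool:
    """True unless the URL provably points at a loopback address."""
    return classify_ollama_url(url) != "loopback"
```

A result of `loopback` only says where the request is sent; it says nothing about what the process listening on that port does with the prompt.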
MeadowPy is a text editor for readable text files. It blocks many common binary and office document types from opening in the editor.
Large text files above the built-in safeguard are opened only after user confirmation. Large-file mode disables heavier analysis such as linting, symbol outline parsing, and full-file AI review.
Runtime logs are written to:
%USERPROFILE%\.meadowpy\meadowpy.log
Logs may include local file paths, startup errors, Qt warnings, crash details, or shutdown errors. Review logs before sharing them publicly.
MeadowPy installs dependencies from:
meadowpy\requirements.txt
Development setup also installs:
dev\requirements-dev.txt
Users and contributors should install dependencies in the project virtual environment created by setup, not into a global Python environment.