fix(blog): correct CSP description and trust key path after source audit
CSP now accurately reflects http://127.0.0.1:* allowance for local
blob store. Trust key path uses platform config dir, not hardcoded path.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
content/blog/security.mdx
11 additions & 2 deletions
@@ -58,7 +58,7 @@ Widget state updates are validated, typed, and routed through a `CommBridgeManag
58
58
59
59
### Content Security Policy
60
60
61
-
The iframe also enforces a Content Security Policy. External resources (scripts, stylesheets, widget ESM modules) must load over HTTPS — no plain HTTP. This means anywidgets that fetch code from the web are required to use secure connections.
61
+
The iframe also enforces a Content Security Policy. Scripts and stylesheets can load over HTTPS or from the local blob store (`127.0.0.1`). This keeps anywidgets functional — they can fetch ESM modules from the web over HTTPS or load assets served by the daemon locally — while blocking arbitrary HTTP origins.
62
62
63
63
For organizations with stricter requirements — locking down `connect-src`, restricting script sources to specific domains, disabling `unsafe-eval` — these are levers we'd like to expose. If tighter output policies are something your team needs, [we'd love to hear about it](https://github.com/nteract/desktop/issues).
64
64
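Review bot: The rewritten CSP paragraph says "the local blob store (`127.0.0.1`)" but the commit message gives the actual allowance as `http://127.0.0.1:*`, which is plain HTTP on every loopback port, not only the port the blob store listens on. As worded, readers will assume the exception is scoped to the daemon's own server, while any other process listening on loopback is also an allowed script and stylesheet origin for the iframe. Suggest spelling out the scheme and the wildcard port in the text, and saying whether narrowing it to the daemon's port is planned, since the next paragraph already lists `connect-src`, script-source restrictions and `unsafe-eval` as levers to expose.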
@@ -70,7 +70,7 @@ But "immediately" is dangerous. That's code you didn't write, asking to install
70
70
71
71
nteract won't install anything without explicit approval. When you open a notebook with dependencies, the runtime doesn't start. You see the full package list. You click "Trust & Start." Only then does installation begin.
72
72
73
-
The trust signature is an HMAC-SHA256 over the dependency metadata, signed with a key that lives only on your machine (`~/.config/runt/trust-key`, permissions `0600`). If anyone — human or agent — modifies the dependencies after you've approved them, the signature invalidates and nteract asks again.
73
+
The trust signature is an HMAC-SHA256 over the dependency metadata, signed with a key that lives only on your machine (in your platform's config directory, permissions `0600`). If anyone — human or agent — modifies the dependencies after you've approved them, the signature invalidates and nteract asks again.
74
74
75
75
We also run typosquatting detection. If a notebook asks for `reqeusts` instead of `requests`, you'll see a warning. It's not perfect, but it catches the obvious supply chain attacks that prey on typos.
76
76
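Review bot: Replacing `~/.config/runt/trust-key` with "in your platform's config directory" fixes the hardcoded path but leaves readers with nothing to audit: the file name and the per-platform base directory are both gone from the added line. Suggest keeping the file name and listing the resolved location per platform, or linking to where it is documented. The "permissions `0600`" claim is also a Unix mode; now that the sentence is platform-neutral it should say what protects the key on platforms without POSIX permissions, or scope the `0600` statement to the platforms where it applies.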
@@ -92,6 +92,14 @@ Any process with filesystem access to the Unix socket can connect to the daemon.
92
92
93
93
This is the same trust model as SSH: if you can access the socket file, you're authorized. Agents that run on your machine, as your user, get the same access you have. It's a deliberate trade-off. We're not trying to protect you from tools you chose to run — we're trying to protect you from untrusted content inside notebooks.
94
94
95
+
## Your data stays on your machine
96
+
97
+
nteract is local-first. Your notebooks, your outputs, your environments — they live on your filesystem, not on someone else's server. There's no cloud sync, no account to create, no telemetry phoning home with your code.
98
+
99
+
The Automerge documents that back your notebooks are stored locally by the daemon. The blob store that holds your images and data frames is a directory on your disk. When you close the app, everything is right where you left it. No one else has a copy unless you explicitly share one.
100
+
101
+
This matters for security in a way that's easy to overlook. Every cloud-hosted notebook service is a target — for attackers, for subpoenas, for data breaches. With nteract, there's no central server holding thousands of users' API keys, datasets, and credentials. Your data is yours. The attack surface is your machine, which you already control.
102
+
95
103
## Why Tauri
96
104
97
105
<TauriComparison />
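Review bot: The new "Your data stays on your machine" section makes absolute claims ("no telemetry phoning home", "The attack surface is your machine, which you already control") that the rest of this file qualifies: the CSP paragraph says anywidgets can fetch ESM modules from the web over HTTPS, and the trust section describes installing notebook dependencies. Suggest scoping the claim to what nteract itself sends, and noting that notebook outputs and package installs can still make outbound requests. Separately, this hunk adds a whole section that the commit subject ("correct CSP description and trust key path") does not mention; consider splitting it into its own commit or updating the message.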
@@ -113,6 +121,7 @@ Our approach is defense in depth:
113
121
1.**Outputs can't escape their iframe.** Even if a kernel produces malicious HTML, it can't touch the host app.
114
122
2.**Dependencies require explicit trust.** No silent installs, no unsigned packages slipping through.
115
123
3.**The daemon has no network surface.** Unix sockets with restricted permissions.
124
+
4.**Your data never leaves your machine.** No cloud, no accounts, no telemetry.
116
125
117
126
None of these are revolutionary ideas individually. But notebooks have operated without *any* of them for over a decade. We think it's time to raise the bar.
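Review bot: Added item 4, "Your data never leaves your machine", is stronger than the section it summarizes, which says no one else has a copy "unless you explicitly share one"; suggest matching that wording. It also sits directly under item 3, "The daemon has no network surface", which this same commit makes questionable: the corrected CSP paragraph describes assets "served by the daemon locally" from `127.0.0.1`, and a loopback HTTP listener is a network surface even if it is not reachable off-host. Since the commit is described as following a source audit, item 3 should be reworded in the same pass, for example to say the daemon's control channel is a Unix socket and the blob store listens on loopback only.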