BotCom Workbench is designed as a local-first desktop tool. It is not a hosted multi-tenant service.
The backend binds to:
127.0.0.1
It is intended to be reached only by the local browser or Electron shell.
The server rejects non-localhost Host headers and rejects cross-origin POST requests.
Allowed hosts:
localhost
127.0.0.1
::1
[::1]
The BotCom review proxy:
- calls only
127.0.0.1; - does not accept arbitrary URLs from the frontend;
- allowlists actions, days, platforms, and publishers;
- reads review tokens locally;
- does not return review tokens to the browser.
Secrets should be stored in untracked .env files or process environment variables.
Never commit:
- platform API keys;
- platform access tokens;
- GitHub personal access tokens;
- passwords;
- webhook URLs;
- review server tokens;
- generated mobile review links.
GitHub no longer supports password authentication for Git or gh publishing. Use browser OAuth via:
gh auth login -h github.com -p https -wor a short-lived GH_TOKEN/GITHUB_TOKEN. Do not paste account passwords into shell commands, documentation, issues, or chat logs.
Model/API profiles are stored locally under:
~/.botcom-workbench/ai-profiles.json
~/.botcom-workbench/ai-env/
The dashboard API returns only apiKeySet and a short masked preview. Raw keys are used only inside local env scripts with 0600 permissions.
The default build is unsigned/ad-hoc signed and intended for local use. Public distribution should add:
- Apple Developer ID signing;
- notarization;
- release checksums;
- reproducible release notes.
For now, open a private security advisory or contact the repository maintainer. Do not publish working exploit details before a fix is available.