Skip to content

Security: deprogram-software/dynobox

Security

SECURITY.md

Security Policy

Dynobox is a local-first email client. It handles OAuth refresh tokens, manual mail credentials, mailbox contents, optional AI provider keys, local SQLite databases, and local automation endpoints. Treat local project and runtime files as sensitive.

Supported Versions

The public repository currently supports the latest main branch only. Security fixes will be documented in release notes once tagged releases are established.

Reporting a Vulnerability

Please report suspected vulnerabilities privately before opening a public issue.

Use GitHub private vulnerability reporting if it is enabled for the repository. If it is not enabled yet, contact the project maintainers through the repository owner profile and avoid including secrets, tokens, mailbox contents, or exploit payloads in public issues.

Useful report details:

  • Affected commit or version.
  • Whether the issue affects browser mode, desktop mode, MCP, AI, or all modes.
  • Reproduction steps using test accounts or redacted data.
  • Expected impact and any known mitigations.

Local Threat Model

Dynobox is designed for local use. It does not try to protect mailbox data from a fully compromised local machine or from users/processes that can read your project directory, Electron user data directory, or shell environment.

Sensitive local files include:

  • server/.env
  • client/.env
  • server/.tokens.json
  • server/.mcp-settings.json
  • server/.rex-settings.json
  • Electron userData SQLite databases such as dynobox.sqlite
  • generated app bundles under out/

These paths are ignored by git and should not be shared in issues, screenshots, logs, archives, or release artifacts.

Network Exposure

The Express server is intended to run on localhost during development.

  • ALLOW_REMOTE_CLIENT=false blocks non-loopback clients by default.
  • DYNOBOX_API_KEY adds a shared API key requirement via the x-dynobox-key header.
  • TRUST_PROXY=true should only be used when Dynobox is behind a trusted local proxy.
  • CORS and OAuth redirect settings must be reviewed before binding the server to non-loopback interfaces.

Do not expose the Dynobox API, MCP endpoint, or Electron development ports to untrusted networks.

OAuth and Mail Credentials

Gmail OAuth refresh tokens and manual mail credentials are stored locally. Use TOKEN_ENCRYPTION_KEY to enable encryption where supported, keep file permissions restricted, and rotate credentials if a local token file is exposed.

For Google OAuth:

  • Use a development OAuth client for local testing.
  • Keep OAuth client secrets out of the repository.
  • Rotate any secret that was ever committed, pasted into chat, or exposed in logs.

AI and MCP

BRAIN BOX / REX features can send mailbox content, prompts, summaries, and embeddings to configured AI providers. MCP can expose inbox operations to local automation clients. Both are powerful and should be enabled deliberately.

Read docs/rex-ai-policy.md and docs/MCP_README.md before using either feature with real data.

There aren't any published security advisories