Contextarr
Security model View on GitHub

Security

Security model

Contextarr handles operational and personal context, so the default posture is local-first, data-only, and review-first.

Local-first by default

Contextarr keeps source context in local files and uses local services for validation, indexing, review, rendering, exports, and MCP access.

Data-only Context Packs

Packs are metadata, Markdown records, source maps, validation rules, redaction rules, and export profiles. Pack content is read and validated, not executed.

Read-only MCP

The local stdio MCP server exposes read-only pack, record, search, and export-preview tools. It must not mutate files, run commands, call network services, or access secrets.

Human review required

AI-drafted content and imported draft records require review before they become trusted context, exports, or MCP-visible content by default.

No telemetry

Telemetry is out of scope. Contextarr should not phone home by default, and this static website does not add analytics or tracking scripts.

No marketplace in v0

Contextarr is not a public marketplace or cloud registry. Any future registry model must wait until the trust model matures.

What Contextarr does not do

Explicit boundaries.

These boundaries are part of the product model, not a temporary marketing promise.

  • No executable packs
  • No scripts inside packs
  • No shell commands
  • No hidden network calls
  • No credentials inside packs
  • No direct Gmail connector
  • No banking or brokerage connector
  • No hosted sync
  • No managed AI dependency
  • No agent runner

Responsible disclosure

Report security issues privately.

Please do not include public exploit details, private data, credentials, or secret material in GitHub issues.

Security contact: security@contextarr.com