Security
Last updated: May 2026
Our security model
Qalatra is local-first by design. Your data never transits our servers — it lives in a SQLite database on your machine at ~/.qalatra/. The attack surface of the application is therefore your own machine, not a cloud backend.
The built-in MCP server listens on localhost:3457 only and is not exposed to the network. Agent configurations run with the permissions of your user account — the same as any terminal command you'd run yourself.
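A check of the two claims above, as an added example that is not Qalatra's own code: it flags any listener on port 3457 bound to a non-loopback address and any entry under ~/.qalatra/ that group or other users can access. It assumes Linux with the iproute2 `ss` tool; the function names and the sample `ss` output are constructed for illustration.

```python
import ipaddress
import os
import stat
import subprocess

PORT = 3457                                   # MCP port stated on this page
DATA_DIR = os.path.expanduser("~/.qalatra")   # data directory stated on this page
# Constructed sample of `ss -ltnH` output; the last line is a wildcard bind.
SAMPLE_SS = """\
LISTEN 0 128 127.0.0.1:3457 0.0.0.0:*
LISTEN 0 128 [::1]:3457 [::]:*
LISTEN 0 128 *:3457 *:*
"""

def non_loopback_listeners(ss_output, port=PORT):
    """Local addresses listening on `port` that are not loopback."""
    exposed = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        host, _, port_str = cols[3].rpartition(":")
        if port_str != str(port):
            continue
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets, %iface
        try:
            if ipaddress.ip_address(host).is_loopback:
                continue
        except ValueError:
            pass  # "*" is a wildcard bind, not an IP literal: report it
        exposed.append(cols[3])
    return exposed

def loose_permissions(path=DATA_DIR):
    """(entry, mode) pairs under `path` accessible to group or other users."""
    if not os.path.isdir(path):
        return []
    entries = [path]
    for root, dirs, files in os.walk(path):
        entries += [os.path.join(root, n) for n in dirs + files]
    return [(e, oct(stat.S_IMODE(os.lstat(e).st_mode))) for e in entries
            if not os.path.islink(e)
            and os.lstat(e).st_mode & (stat.S_IRWXG | stat.S_IRWXO)]

if __name__ == "__main__":
    live = subprocess.run(["ss", "-ltnH"], capture_output=True, text=True).stdout
    print("non-loopback listeners:", non_loopback_listeners(live))
    print("group/other-accessible:", loose_permissions())
```

Both functions return an empty list when the machine matches the model described here.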
Responsible disclosure
If you discover a security vulnerability in Qalatra, please report it privately before disclosing publicly. We take all reports seriously and will respond promptly.
Email: [email protected]
GitHub: Use GitHub's private vulnerability reporting on the qalatra repository.
Please include a description of the issue, steps to reproduce, and your assessment of impact. We'll acknowledge receipt within 48 hours and aim to issue a fix within 14 days for confirmed vulnerabilities.
What's in scope
We're interested in vulnerabilities that allow an attacker to:
- Read or modify another user's local database without their consent
- Execute arbitrary code via a malformed agent config, task, or daily note
- Escape the MCP server's localhost-only binding
- Exfiltrate data via the auto-update mechanism
- Bypass agent permission restrictions defined in agent.config
Out of scope
- Vulnerabilities requiring physical access to the user's machine
- Issues in third-party dependencies already reported upstream
- Social engineering attacks
- Denial of service against a local process
Supported versions
We provide security fixes for the latest stable release only. We strongly recommend keeping Qalatra up to date. You can check for updates in Settings or watch the changelog.
Hall of fame
No reports yet. Be the first.