security.
how the app is signed, where your data lives, what the hotkey can read, and how to report a vulnerability.
how the app is signed and notarized
the app is distributed as a signed and notarized DMG. signing uses an apple developer certificate; notarization is a separate apple-side check in which apple scans the submitted binary for known malware before the DMG is published. macOS gatekeeper verifies both at first launch.
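you do not have to take gatekeeper's word for it: the same checks can be run by hand before the image is ever mounted. the script below is an added example, not the project's own code. it assumes the macOS command-line tools (codesign, spctl, xcrun stapler) are present; the download path and the team id are placeholders.

```shell
#!/bin/sh
# added example (not from the optcmd.space project): check a downloaded DMG
# before mounting it. needs the macOS signing tools: codesign, spctl, xcrun.

# verify_dmg <path>
# return codes: 0 all checks passed, 1 a check failed,
#               2 file missing, 3 macOS signing tools not on this machine
verify_dmg() {
  dmg=$1
  [ -f "$dmg" ] || { echo "no such file: $dmg" >&2; return 2; }
  for tool in codesign spctl xcrun; do
    command -v "$tool" >/dev/null 2>&1 \
      || { echo "$tool not found; run this on macOS" >&2; return 3; }
  done
  # 1. the signature itself: is the image signed and unmodified since signing?
  codesign --verify --strict --verbose=2 "$dmg" \
    || { echo "signature check failed" >&2; return 1; }
  # 2. gatekeeper's own verdict: signed with a developer id AND notarized by apple
  spctl --assess --type open --context context:primary-signature --verbose=2 "$dmg" \
    || { echo "gatekeeper rejected the image" >&2; return 1; }
  # 3. is the notarization ticket stapled to the image, so the check also passes offline?
  xcrun stapler validate "$dmg" \
    || { echo "no stapled notarization ticket" >&2; return 1; }
  return 0
}

# team_id_of <path>: print the Team ID recorded in the signature (empty if unsigned)
team_id_of() {
  codesign -dv --verbose=4 "$1" 2>&1 | sed -n 's/^TeamIdentifier=//p'
}

# usage: pin to the developer's team id so a validly signed image from a
# different developer is still rejected. REPLACE_WITH_TEAM_ID is a placeholder.
#   verify_dmg ~/Downloads/ocs.dmg \
#     && [ "$(team_id_of ~/Downloads/ocs.dmg)" = "REPLACE_WITH_TEAM_ID" ]
if [ $# -gt 0 ]; then verify_dmg "$1"; exit $?; fi
```

the three checks answer different questions: codesign proves the bytes match the signature, spctl asks gatekeeper whether the signer and the notarization are acceptable, and stapler confirms the ticket travels with the image so first launch does not depend on reaching apple's servers. pinning the team id closes the gap that any valid developer id signature would otherwise pass the first two checks.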
where your data lives on disk
captures live in a local SQLite database at ~/Library/Application Support/OCS/. plain SQLite, plain markdown export. nothing ever leaves the machine unless you opt into encrypted sync (still on the roadmap).
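the claims above (plain SQLite, local only) are checkable. as an added example that is not the project's own code, the script below confirms the files under the store directory really carry the SQLite header, flags any that other local accounts could read, and lists the open network sockets of a process by name so you can watch for connections the page says should not exist. the OCS_DIR default comes from the path given above; the process name you pass to sockets_of is an assumption, since the page does not name the binary.

```shell
#!/bin/sh
# added example (not the project's code): sanity-check the local capture store.
# OCS_DIR defaults to the path the page gives; override it when testing elsewhere.

OCS_DIR=${OCS_DIR:-"$HOME/Library/Application Support/OCS"}

# is_sqlite_file <path>: true if the file starts with the SQLite 3 magic header
# ("SQLite format 3" followed by a NUL byte).
is_sqlite_file() {
  [ -f "$1" ] || return 1
  magic=$(head -c 15 "$1" 2>/dev/null)
  [ "$magic" = "SQLite format 3" ]
}

# world_readable <path>: true if "other" has read permission.
# the ls -l mode string is 10 chars: type, owner rwx, group rwx, other rwx;
# "other read" is character 8.
world_readable() {
  perms=$(ls -ld "$1" | cut -c1-10)
  case "$perms" in
    ???????r??) return 0 ;;
    *)          return 1 ;;
  esac
}

# audit_store <dir>: 0 if the store looks as described (at least one SQLite
# database, and neither the directory nor any database readable by others);
# 1 otherwise. note that -wal / -shm / -journal sidecar files hold recent
# writes too, so they are checked like the database itself.
audit_store() {
  dir=$1
  [ -d "$dir" ] || { echo "store not found: $dir" >&2; return 1; }
  status=0
  found=0
  if world_readable "$dir"; then
    echo "WARN: $dir is readable by other local accounts" >&2; status=1
  fi
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    case "$f" in
      *-wal|*-shm|*-journal) sidecar=1 ;;
      *) sidecar=0 ;;
    esac
    if is_sqlite_file "$f" || [ "$sidecar" -eq 1 ]; then
      found=1
      echo "store file: $f"
      if world_readable "$f"; then
        echo "WARN: $f is readable by other local accounts" >&2; status=1
      fi
    fi
  done
  [ "$found" -eq 1 ] || { echo "no SQLite database found in $dir" >&2; status=1; }
  return $status
}

# sockets_of <process-name>: list open internet sockets for processes whose
# command name starts with <process-name>. with sync still on the roadmap,
# the expected output for the app is empty.
sockets_of() {
  lsof -nP -i -a -c "$1" 2>/dev/null
}

# usage (process name is a placeholder, not taken from the page):
#   audit_store "$OCS_DIR"
#   sockets_of REPLACE_WITH_PROCESS_NAME
```

the permission check matters more than it looks: SQLite does no access control of its own, so on a shared mac the directory mode is the only thing standing between another local account and your captures. run sockets_of while the panel is open and while it is idle; any established connection is something the page does not account for and worth a report.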
what the global hotkey can read
the global hotkey is registered with macOS so the panel can open from any app. optcmd.space only reads what you type inside its own panel; it does not observe keystrokes from other apps.
how to audit the code yourself
the app is MIT licensed. you can read the code, audit it, and run your own build. the canonical source is github.com/optcmdspace/ocs-macos.
how to report a vulnerability
please report privately, not via a public issue.
- preferred: github private vulnerability reporting.
- email fallback: rodrigo@optcmd.space.
include reproduction steps, the affected version, and the impact you observed. a response should arrive within 7 days. the goal is a fix released within 90 days of a confirmed report.
what is and is not in scope
in scope: the optcmd.space macOS app, build scripts, and release artifacts hosted on the github repo.
out of scope: bugs in third-party dependencies (report those upstream), denial-of-service against your own machine, and issues that require physical access plus an unlocked session.
safe harbor for good-faith research
good-faith security research on this project will not be met with legal action. that means: testing only against your own machine, reporting privately before disclosing, and avoiding privacy violations, data destruction, and service degradation.