
Security

Code signing, release scanning, and supply chain integrity

Code signing

All Windows executables and installers are signed with a Microsoft Trusted Signing certificate issued to LLM HUB, Inc. This provides verified publisher identity, tamper protection, and immediate SmartScreen reputation — no "Unknown publisher" warnings on first download.

App updates are additionally signed with Minisign (Ed25519) signatures, which are verified by the app before installation.


Release security scanning

Every release artifact is scanned in CI (GitHub Actions) between the build step and the upload step. Nothing reaches the download servers without passing all checks.

Scanner      What it scans                                                            Failure condition
ClamAV       All binaries — Windows .exe, macOS .dmg, Linux .AppImage, CLI binaries   Any detection
VirusTotal   Windows installers and Linux CLI binaries (70+ antivirus engines)        More than 2 engines flag malware
Trivy        Docker server images                                                     Critical container vulnerabilities

If any scan fails, the build is halted and no artifacts are published.


Dependency auditing

Dependency vulnerability scans run on every push across all languages in the project:

  • cargo audit — Rust dependencies (proxy engine, desktop apps, CLI binaries)
  • npm audit — Node.js dependencies (web app, admin dashboard, Tauri UIs)
  • pip-audit — Python dependencies (admin server)

Privacy by design

Bleep processes all data locally. No request content, source code, credentials, or PII is ever sent to Bleep servers. Violation logs contain metadata only — the actual sensitive data is never stored.

The only cloud communication is license validation and aggregated usage metrics (detection counts by type). See the Privacy Policy for full details.
