Security Whitepaper
Version 1.0 | January 2026
Meno Studio is a desktop application for visual website building, operating on a local-first architecture. This document provides a comprehensive overview of our security practices, architecture, and policies.
1. Executive Summary
Meno Studio is a desktop application for visual website building, operating on a local-first architecture. The application was designed with user data privacy and security in mind.
Key Security Features
Feature | Implementation
Architecture | Desktop application (Electron) - no cloud backend
Data Storage | Locally on user's machine (~/Documents/Meno/)
Credential Encryption | OS-level encryption (macOS Keychain, Windows DPAPI)
Sandbox | Renderer process isolated from operating system
Automated Scanning | Semgrep, npm audit, Dependabot on every commit
Code Signing | macOS: Apple notarization
2. Solution Architecture
System Components
Component | Role | Technology
Main Process | Main Node.js process handling system operations | Node.js 20
Renderer Process | Sandboxed Chromium process for UI | React 18, Vite
Preload Script | Secure bridge between main and renderer | contextBridge API
Dev Server | Local development server (only during editing) | Bun 1.3
Process Separation
Main Process (Node.js)
Full system access
Encryption operations
File I/O
Renderer Process (Chromium)
No Node.js access
Sandbox enforced
CSP enforced
Communication between processes happens through contextBridge with granular API exposure.
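How a preload script can expose a small, fixed set of functions instead of the raw ipcRenderer, as an added example (not Meno's own preload; the `meno` global, the channel names, the method names and the argument check are assumptions):

```javascript
'use strict';

// Build the object the renderer will see. `invoke` is injected so the same
// factory can be exercised under plain Node without Electron.
function createRendererApi(invoke) {
  const api = {
    // Only a relative project path is accepted; absolute paths, drive
    // letters and parent-directory segments are rejected before main sees them.
    readProjectFile(relPath) {
      if (typeof relPath !== 'string' || /^[\\/]|^[A-Za-z]:|\.\./.test(relPath)) {
        return Promise.reject(new Error('invalid project path'));
      }
      return invoke('project:read-file', relPath);
    },
    // Fixed channel: the renderer cannot choose the channel or pass extra args.
    gitPush() {
      return invoke('git:push');
    },
  };
  // Frozen so renderer code cannot attach new methods to the bridge object.
  return Object.freeze(api);
}

// Inside Electron this file runs as the preload; under plain Node `electron`
// is unavailable, so the bridge registration is skipped and only the factory
// remains.
let electron = null;
try { electron = require('electron'); } catch (_) { /* not running in Electron */ }
if (electron && electron.contextBridge) {
  const { contextBridge, ipcRenderer } = electron;
  contextBridge.exposeInMainWorld('meno', createRendererApi(
    (channel, ...args) => ipcRenderer.invoke(channel, ...args)));
}

if (typeof module !== 'undefined') module.exports = { createRendererApi };
```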
3. Network Communication and Ports
Locally Used Ports
Port | Purpose
3000-3999 | Local editor project preview
5173 | Static generated project preview
Outbound Connections
Host | Purpose | Port | Protocol | Used for
api.github.com | GitHub API (repos, auth, git) | 443 | HTTPS | Login, git push/pull
github.com | GitHub OAuth Device Flow | 443 | HTTPS | Login
registry.npmjs.org | npm package lookup | 443 | HTTPS | Viewing dependencies
api.anthropic.com | Claude AI API | 443 | HTTPS | When user uses AI
Content Security Policy
Key restrictions enforced in production:
No unsafe-eval in production
Scripts only from 'self'
External connections limited to whitelist
4. Data Flows
Data Stored Locally
Item | Location | Content | Encryption
Projects | ~/Documents/Meno/ | Page and component JSON files | Not encrypted (working files)
GitHub Token | userData/github-token.enc | GitHub OAuth token | Encrypted (safeStorage)
User Info | userData/github-user.json | Login, avatar, email (display only) | Not encrypted
AI API Key | OS Keychain | Anthropic API key | Encrypted (OS-level)
Data NOT Transmitted Anywhere
Project content (pages, components, code)
Local file paths
Edit history
Application logs
Feature usage metrics
Keystrokes / interactions
Data Transmitted to External Services
Service | Data | Note
GitHub | Token, commits, files (git push) | Required for git ops
Anthropic | Prompt + file context (AI) | Requires API key
5. Security Mechanisms
Electron Security
Setting | Effect
contextIsolation: true | Isolates renderer from Node.js APIs
nodeIntegration: false | Blocks direct Node.js access
sandbox: true | Restricts renderer process permissions
webviewTag: true (with CSP) | Controlled webview embedding
Credential Encryption
GitHub tokens are encrypted using Electron's safeStorage API, which leverages OS-level encryption:
macOS: Keychain Services
Windows: DPAPI (Data Protection API)
Path Traversal Protection
Three-layer path validation protects against directory traversal attacks:
Path normalization
Check if within allowed directory
Validate project is in ~/Documents/Meno
Rate Limiting
Operation | Limit
AI Chat | 30 requests / 1 minute
Tool Approvals | 10 attempts / 1 minute
Generate Commit | 20 requests / 1 minute
AI Init | 5 requests / 1 minute
Input Validation
Zod schemas — All JSON structures
File size limit — Max 5MB for file reads
Image size limit — Max 2MB for images
Filename validation — Disallowed characters: <>:"/\|?*
Binary detection — Exclude binary files from search
6. Security Testing
Automated Scanning (CI/CD)
Tool | Purpose | When / options
Semgrep | SAST, secrets detection | Push, PR, weekly
npm audit | Dependency vulnerabilities | Push, PR (--audit-level=high)
Dependabot | Automated updates | Weekly PRs with updates
Semgrep Rules
p/javascript
p/typescript
p/security-audit
p/secrets
p/owasp-top-ten
Vulnerability Status
Severity | Status
Critical | 0 known (CI checks on every PR)
High | 0 known (CI checks on every PR)
Note: Meno has not undergone a formal external penetration test. Automated scanning includes static code analysis and dependency auditing. Upon enterprise customer request, we can commission an external pentest.
7. Cloud Infrastructure
Local-First Architecture
Meno Studio does NOT have a cloud backend. The application runs entirely locally on the user's machine.
What We Don't Have
No application servers
No cloud database for projects
No cloud storage for user files
No API gateway
No load balancer
No CDN for user assets
What We Do Have
All project data stored locally
Credentials encrypted at OS level
No project data transmission to cloud
External Services (Third-Party)
Service | Purpose | Provider | Location | Note
GitHub | Git hosting, OAuth | Microsoft | US/EU | Required for git
Anthropic | AI API | Anthropic | US | Opt-in
npm Registry | Package info | GitHub/npm | US | Read only
8. Integrations
Currently Supported Integrations
Integration | Status | Scope
GitHub | Full support | OAuth, repos, git push/pull, branches
Git (generic) | Partial support | Local git operations, any remote via CLI
Claude AI | Full support | AI assistant in editor
Figma (MCP) | Experimental | Design import via Model Context Protocol
Extensibility
Meno uses Model Context Protocol (MCP) for integration with external tools. Currently supported: Figma MCP Server for design import. The architecture allows adding new MCP integrations without changes to the core application.
9. SSO and Authentication
Current Authentication Model
GitHub OAuth 2.0 (Device Flow):
1. User clicks "Login with GitHub"
2. App sends request to github.com/login/device/code
3. GitHub returns device_code and user_code
4. User goes to github.com/login/device
5. User enters user_code and authorizes
6. App polls /login/oauth/access_token
7. After authorization, receives access_token
8. Token encrypted and saved locally (safeStorage)
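The eight steps above as a client, added here as an example and not Meno's code: the endpoint paths, form parameters and error codes are GitHub's documented device flow, while `clientId`, the callback names and the injected `fetchImpl` and `sleep` are assumptions that let it run offline.

```javascript
'use strict';

const DEVICE_CODE_URL = 'https://github.com/login/device/code';          // step 2
const TOKEN_URL = 'https://github.com/login/oauth/access_token';         // step 6
const GRANT = 'urn:ietf:params:oauth:grant-type:device_code';

async function postForm(fetchImpl, url, params) {
  const res = await fetchImpl(url, {
    method: 'POST',
    headers: { Accept: 'application/json', 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams(params).toString(),
  });
  return res.json();
}

// Runs steps 2 to 7. `onUserCode` shows the code and verification URL to the
// user (steps 4 and 5 happen in the browser); `sleep` is injectable so tests
// do not wait. Resolves to the access token, which step 8 hands to safeStorage.
async function deviceFlowLogin({ clientId, scope, fetchImpl, onUserCode, sleep }) {
  const dc = await postForm(fetchImpl, DEVICE_CODE_URL, { client_id: clientId, scope });
  onUserCode(dc.user_code, dc.verification_uri);                        // step 3
  let interval = dc.interval || 5;                                      // seconds between polls
  const deadline = Date.now() + dc.expires_in * 1000;
  while (Date.now() < deadline) {
    await sleep(interval * 1000);
    const t = await postForm(fetchImpl, TOKEN_URL,
      { client_id: clientId, device_code: dc.device_code, grant_type: GRANT });
    if (t.access_token) return t.access_token;                          // step 7
    switch (t.error) {
      case 'authorization_pending': break;          // user has not approved yet
      case 'slow_down': interval += 5; break;       // GitHub asks the client to back off
      default: throw new Error(`device flow failed: ${t.error}`); // expired_token, access_denied, ...
    }
  }
  throw new Error('device code expired before authorization');
}

if (typeof module !== 'undefined') module.exports = { deviceFlowLogin };
```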
OAuth Permissions (Scope)
repo — Full access to private repositories
user:email — Access to user's email address
read:org — Read organization membership
SSO Enterprise Support
GitHub OAuth is the only login method, and it is the path through which SSO reaches Meno Studio:
Organizations using GitHub Enterprise can enforce SAML SSO authentication at the GitHub level. Since Meno exclusively uses GitHub OAuth for login, it automatically inherits these security controls:
User must first authenticate through corporate IdP (Okta, Azure AD, etc.) to access GitHub
Only after passing SSO can they authorize Meno
Organization can restrict access only to members with enforced SSO
This means Meno supports SSO indirectly through GitHub Enterprise—without requiring native SAML/OIDC integration in the application itself.
10. Security Policies
Update Management
Version | Support
Latest | Full support (features + security)
Previous | Security fixes only
Older | No support—please update
Code Signing
macOS
Certificate: Developer ID Application
Team ID: V48BWM8PP8
Hardened Runtime: Enabled
Notarization: Apple Notary Service
Windows
Authenticode: Planned
Auto-Updates
Updates downloaded from GitHub Releases
Update packages are digitally signed
User receives notification about new version
Installation requires manual confirmation
Dependency Management Policy
Dependabot — automated PRs with updates (weekly)
npm audit — blocks merge on High/Critical
Lockfile — package-lock.json committed to repo
Review — every dependency change requires code review
11. Compliance and Certifications
Current Status
Standard | Status | Note
GDPR | No | Local data
SOC 2 | No | No cloud infrastructure
ISO 27001 | No | Not applicable (local-first)
HIPAA | No | Not applicable
PCI DSS | No | We don't process payments
GDPR Considerations
Data stored locally — user has full control
Right to deletion — delete Meno folder
Analytics (Supabase) — minimal, opt-out possible
Data processing agreement — available upon request
12. Contact and Vulnerability Reporting
Reporting Vulnerabilities
Email: team@meno.so
Response time: 48 hours
What to include in your report:
Description of vulnerability
Steps to reproduce
Potential impact
Contact information (optional)
We ask that you do not publicly disclose vulnerabilities before our response and give us time to fix before disclosure.
Questions about security?
Reach out to: team@meno.so