If you discover a security vulnerability in Hardstop, please report it responsibly:
Email: security@clarity-gate.org
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes
Response time: I aim to respond within 48 hours and will work with you to understand and address the issue.
Hardstop is designed with security as a core principle:
If any part of the safety check fails (timeout, parse error, missing CLI), the command is blocked, not allowed. This ensures that broken installations don't silently permit dangerous operations.
- All pattern matching runs locally
- No external API calls (except optional Claude CLI)
- No data exfiltration possible
- No network dependencies for core functionality
Hardstop only:
- Reads command text from hook input
- Writes to
~/.hardstop/directory - Optionally invokes local Claude CLI
It does NOT:
- Execute arbitrary code
- Modify system files
- Access credentials
- Read conversation history
-
Pattern Evasion: Sophisticated obfuscation may bypass regex patterns. The LLM layer provides defense-in-depth.
-
LLM Dependency: Layer 2 analysis requires Claude CLI. Without it, only pattern matching is available.
-
No Confirmation Flow: Hardstop provides binary ALLOW/BLOCK decisions, not "explain and confirm" dialogs.
| Version | Supported |
|---|---|
| 1.0.x | Yes |
Security fixes will be released as patch versions (e.g., 1.0.1) and documented in the changelog.