• Manifest Permissions: Extension requests NO network-related permissions
• Code Verification: Search codebase for fetch, XMLHttpRequest, WebSocket - none found
• Dependencies: No network-capable dependencies in package.json
• Offline Operation: Entire extension operates without internet connectivity

// All data operations use local file system APIs only
await fs.promises.writeFile(saveUri.fsPath, recordingData, 'utf8');
const content = await fs.promises.readFile(uri.fsPath, 'utf8');

Extension only requests access to:

• vscode.commands - For command registration
• vscode.window - For UI dialogs and terminal access
• vscode.Uri - For local file paths
• Node.js fs - For local file operations

1. User Consent: Modal dialog before recording starts
2. Terminal Capture: Only when explicitly started by user
3. Local Storage: Direct to user-selected file location
4. No Buffering: No temporary storage in extension data

// Example: User controls ALL file operations
const saveUri = await vscode.window.showSaveDialog({
    defaultUri: vscode.Uri.file(`recording-${timestamp}.pcr`),
    filters: { 'Pure Cinema Recordings': ['pcr'] }
});

• Recording requires manual start action
• Clear visual indicators when recording
• User chooses save location every time
• Status bar shows "Local Only" reminder

• Extension only active when commands executed
• No event listeners during inactive state
• No periodic tasks or timers
• Clean disposal of all resources

{
  "version": "1.0",
  "startTime": 1691750400000,
  "frames": [
    {
      "timestamp": 100,
      "content": "user terminal output",
      "type": "output"
    }
  ],
  "terminalInfo": {
    "name": "bash",
    "cwd": "/user/chosen/path"
  }
}

✅ No clipboard access without user action
✅ No file system access outside user dialogs
✅ No process execution or shell commands
✅ No environment variable reading
✅ No system information collection

• Strict TypeScript compilation
• Type-safe interfaces for all data structures
• No eval() or dynamic code execution
• No external script injection

// Only development and VS Code API dependencies
"devDependencies": {
  "@types/vscode": "^1.74.0",
  "typescript": "^4.9.4",
  "eslint": "^8.28.0"
  // No runtime dependencies that could leak data
}

1. Static Analysis: Scan source code for network calls (none found)
2. Manifest Review: Check package.json permissions (minimal)
3. Runtime Monitoring: Extension makes no external requests
4. File System: Only writes to user-selected locations

1. Source Code: All code publicly available for review
2. Network Monitor: Run extension with network monitoring (zero requests)
3. File Tracking: Monitor where files are created (only user-selected paths)
4. Process Monitor: Extension creates no background processes

• No Personal Data Collection: Extension doesn't collect user data
• Local Processing: All operations performed locally
• Right to Erasure: Delete .pcr files to remove all data
• Data Portability: Standard JSON format, fully portable

• Air-Gapped Operation: Works without network access
• No Telemetry: Zero usage tracking or analytics
• Local Data Residency: All data remains on user's machine
• Audit Trail: All operations logged in VS Code output

1. Principle of Least Privilege: Minimal VS Code API permissions
2. Defense in Depth: Multiple privacy confirmations and indicators
3. Transparency: Open source code + clear documentation
4. User Control: Every operation requires explicit user action
5. Local-First: No cloud dependencies or external services

✅ Unauthorized data transmission
✅ Background keylogging
✅ Unnoticed data collection
✅ Cloud data storage
✅ Third-party analytics

• Recording sensitive terminal sessions
• Sharing .pcr files (they contain your terminal output)
• File permissions on saved recordings

Security Review Date: August 11, 2025
Next Review: Upon major version updates
Contact: Submit security concerns via GitHub Issues