# Security QA Scribe's main trust boundaries are local storage, managed attachment files, rich HTML/editor content, and local AI provider process execution. The app does not store provider API keys. ## Key source files | File | Security role | | --- | --- | | `crates/qa-scribe-core/src/attachments/mod.rs` | Sanitizes paths, stores under app-data, hashes files, verifies previews. | | `frontend/src/editor/editorHtml.ts` | Constrains rich editor HTML, links, and image sources. | | `crates/qa-scribe-core/src/generation/response.rs` | Repairs generated output and preserves managed image references. | | `src-tauri/src/commands/ai/streaming_exec.rs` | Runs provider CLIs with stdin/stdout handling, cancellation, and timeout behavior. | | `src-tauri/src/provider_command.rs` | Resolves provider executables. | | `src-tauri/src/commands/error.rs` | Normalizes errors sent to the UI. | ## Local data and privacy `README.md` states that SQLite and managed attachments are local. AI generation sends selected Generation Context text and attachment metadata to the chosen local provider CLI, not raw attachment binaries. Provider API keys are managed by the provider CLI outside QA Scribe. ## Rich content safety The frontend uses `frontend/src/editor/editorHtml.ts` and generated constants from `src-tauri/src/specta_bindings.rs` to keep editor HTML constrained. Managed images use the QA Scribe attachment protocol rather than arbitrary local file paths. ## Process execution safety Provider execution lives under `src-tauri/src/commands/ai`. The implementation tracks child processes in `src-tauri/src/jobs.rs`, kills children on app exit in `src-tauri/src/main.rs`, and has cancellation/watchdog tests under `src-tauri/src/commands/ai/streaming_exec/tests.rs`. For implementation details, see [Managed attachments](features--managed-attachments.md), [Rich record editing](features--rich-record-editing.md), and [Generation jobs](systems--generation-jobs.md).