Built for security-conscious teams
Designed to deserve the trust you place in your clipboard.
A pasted secret is intimate trust. We document the architecture, the limits, and the roadmap publicly — so your security team can answer their own questions without filing a vendor ticket.
Threat model
safe-paste is designed to defend against a specific class of risk: accidental leakage of credentials via clipboard when sharing snippets with humans or AI assistants. Here is what we defend against, and where the boundary is.
What we defend against
- · Accidental paste of credentials into chat (Slack, Discord, ChatGPT, Claude, etc.)
- · Accidental paste of credentials into tickets, docs, screenshots shared externally
- · Accidental copy of malicious package install commands from compromised sources
- · Compromised passwords inserted into URLs, headers, or connection strings
- · Leakage of EXIF / GPS metadata in screenshots
What we don't defend against
- · A determined attacker with code execution on your Mac — we are not a substitute for endpoint security
- · Intentional, deliberate paste of secrets when Vibe Mode is off
- · Keyloggers — anything that intercepts at the OS level happens before our reach
- · Side-channel exfiltration outside the clipboard (network monitoring, file uploads, etc.)
- · Patterns we have not yet curated — see /coverage for the current catalog
Data flow
Every byte your clipboard touches stays on your Mac. Updates and the malicious-package catalog are the only network touchpoints — both signed and verifiable.
┌────────────────────────┐ ┌─────────────────────┐
│ Your Mac (everything) │ │ Network (boundary) │
├────────────────────────┤ ├─────────────────────┤
│ │ │ │
│ ┌───────────┐ │ │ │
│ │ Clipboard │────────┼─── never leaves ────→ │ ✗ blocked │
│ └───────────┘ │ │ │
│ │ │ │ │
│ ▼ │ │ │
│ ┌───────────┐ │ │ │
│ │ Scanner │ <──────┼─── pattern set (local) │ │
│ └───────────┘ │ │ │
│ │ │ │ │
│ ▼ │ │ │
│ ┌───────────┐ │ │ │
│ │ Redactor │────────┼─→ paste target (local) │ │
│ └───────────┘ │ │ │
│ │ │ │
│ ┌───────────────┐ │ │ │
│ │ Sparkle 2 │ <──┼─── EdDSA-signed only ──→ updates.manolus.com │
│ └───────────────┘ │ │ │
│ │ │ │
│ ┌───────────────┐ │ │ │
│ │ OSV catalog │ <──┼─── advisory by ID only ─→ osv.dev (public) │
│ └───────────────┘ │ │ │
│ │ │ │
└────────────────────────┘ └─────────────────────┘
Integrity & signing
Auto-updates ship via Sparkle 2 with EdDSA signature verification. Even if the update server were compromised, modified binaries would fail signature check and never run. The verification key is published below — pin it in your MDM or compliance tooling if you want a third trust anchor.
EdDSA update signing key
This Ed25519 public key signs every update served by the auto-update channel. If the binary you receive does not verify against this key, Sparkle refuses to install it.
MXdk/riKQvOQx6AB3tmd2+2mjvMH/sdHxH1Z1sUB6YA= Compliance posture
GDPR
Available nowCookieless analytics, EU data residency available, DSR via email
SOC 2
On the roadmapType I planned for v2 cycle, audit firm selection underway
HIPAA workflow-compatible
Available nowNo cloud storage of PHI; BAA available on request
Independent code audit
On the roadmapScheduled for post-1.0 stability window
Verifiable builds
Available nowSHA-256 of each release published in /changelog
Deployment options
Direct download covers individual installs. For team or fleet deployment, contact us — we can help with MDM/Jamf packaging, custom pattern bundles for internal credentials, and policy-managed Vibe Mode defaults.