| Version | Supported |
|---|---|
| 0.1.x | ✅ |

Please do not open public GitHub issues for security vulnerabilities.
Report security issues privately by opening a GitHub Security Advisory on the repository, or contacting the maintainers directly if you have a private channel.
We aim to acknowledge reports within 72 hours.

Aurio is designed as a local-first application:

- The control API is restricted to `localhost`. The server listens on the configured port (`PORT=8080`) on all interfaces; this is required so UPnP/DLNA speakers can fetch audio over the LAN while casting. Every state-changing or sensitive endpoint (settings, chat, trigger, integration tests, profile build, and the WebSocket control channel) rejects non-loopback requests with `403`. Only the static player and the read-only media proxies (`/api/stream/*`, `/api/cover/*`, `/api/ncm/stream/*`, `/api/qq/stream/*`) are reachable from other hosts.
- Set `AURIO_ALLOW_LAN=true` to lift the restriction and open the whole API to the LAN; only do this behind your own authentication / reverse proxy.
- API keys, cookies, and credentials are stored in `data/settings.json` on the user's machine (gitignored), written atomically (temp file + rename).
- TTS audio is cached locally in `cache/tts/` (oldest clips are evicted automatically).

| Data | Location | Notes |
|---|---|---|
| Settings & secrets | `data/settings.json` | Navidrome creds, API keys, NetEase cookie |
| Playback state | `data/state.json` | Queue, messages, play history |
| TTS cache | `cache/tts/` | Synthesized speech files |

- The control API and the WebSocket stream are loopback-only by default (see above); other machines on your network get `403`. The PWA works on the same machine (Electron, or a browser pointed at `localhost`).
- Music stream proxies (`/api/stream/*`, `/api/ncm/stream/*`, `/api/qq/stream/*`) and cover art (`/api/cover/*`) forward audio from external CDNs; they stay LAN-reachable so speakers can play while casting, and they do not expose your credentials to the browser.
- Navidrome credentials are used server-side only; the PWA never receives raw passwords.
- Do not set `AURIO_ALLOW_LAN=true` (or otherwise expose the port) on an untrusted network without putting your own authentication in front of it.

Depending on configuration, Aurio may contact:

- AI providers — Claude CLI / Codex CLI (local subprocess) or remote APIs (OpenAI-compatible, Anthropic, GLM, DeepSeek, Kimi)
- Music — Navidrome (your NAS), NetEase Cloud Music API, QQ Music public endpoints
- TTS — macOS system speech, Tencent Cloud TTS, Fish Audio
- Weather — OpenWeather
- Calendars — macOS Calendar, ICS files/URLs, Feishu (when configured)

Each integration is optional. Missing credentials disable that feature without blocking the app.

- Do not commit `.env` or `data/` to version control.
- Do not expose port 8080 to the public internet without authentication.
- Use `CLAUDE_FORCE_LOGIN=true` if stray `ANTHROPIC_API_KEY` env vars interfere with CLI auth.
- Rotate API keys if you suspect they were leaked from `data/settings.json`.

We rely on npm audit and community reports. Report supply-chain concerns through the same private channel as application vulnerabilities.