Security

Security posture, hardening checklist, threat model.

Reporting a vulnerability

Email the maintainer (see repository contact). Please do not open public issues for security reports. We aim to acknowledge within a few business days.

Security posture (current: Stage 0)

• No network by default. The CLI reads local files and prints output.
• Local-only store. Team mode writes to a local SQLite file; the dashboard

binds to 127.0.0.1 unless you change it.

• No secrets handled. Nomira does not read or store API keys; it reads usage

metadata from local logs only.

• Dependency surface: none. Stage 0 is Python standard-library only — no

third-party packages, so no transitive supply-chain exposure.

• Content rejection. The collector rejects any ingest event containing

content-bearing fields.

Hardening checklist before exposing the dashboard beyond localhost

• Put the collector behind authentication / a reverse proxy with TLS.
• Restrict --port binding; do not expose 0.0.0.0 on untrusted networks.
• Treat the SQLite store as sensitive (it contains cost/usage, not content).
• Add rate limiting / payload size limits to /ingest for multi-tenant use.

Threat model notes

The auditor value depends on integrity of the pricing tables. Treat nomira/pricing.py as a reviewed, versioned asset; a wrong rate is a correctness (and trust) bug, tracked the same as any other.