Security notes.

Team Chat Launcher uses a local-first design and describes its boundaries plainly so teams can decide whether it fits their risk model.

What the project is designed to do

  • Local-first design.Designed for private LAN collaboration rather than a hosted cloud chat service.
  • Hub boundary.Hub does not store plaintext chat content.
  • Encrypted file payloads.Temporary file hosting stores encrypted file payloads.
  • Manual setup remains available.Users who want to inspect and control the runtime can use the Bash/Python path.
  • Remote AI provider boundary.Remote AI providers only receive context when the user explicitly sends or confirms it, if that feature is enabled.

Boundaries and evaluation

  • This is not a Signal or MLS protocol implementation.The project does not claim those protocol guarantees.
  • The project does not claim third-party security audit coverage.Security-sensitive teams should review the implementation before adoption.
  • Risk model fit matters.Users should evaluate whether it fits their own risk model.
  • LAN deployment is not a full control plane.LAN deployment reduces some network exposure, but it is not a replacement for organizational security controls.