| Version | Supported |
|---|---|
| 2.x | ✅ |
| < 2.0 | ❌ |
Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please report them via email to: hi@saneapps.com
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
You should receive a response within 48 hours.
SaneProcess is a development tooling framework that:
- Runs locally on your development machine
- Integrates with Claude Code, Codex, and compatible coding-agent setups
- Uses file-based state stored in
.claude/directory - Makes no network requests — all processing is local
- Session state is stored locally in
.claude/state.json - No data is transmitted externally
- Hook logs are stored locally and not shared
The enforcement hooks (saneprompt, sanetools, sanetrack, sanestop) run as local Ruby scripts with the same permissions as your development environment. They:
- Do not execute arbitrary code
- Only read/write to designated state files
- Exit with codes 0 (allow) or 2 (block)
SaneProcess collects zero user data:
- No analytics
- No telemetry
- No crash reporting to external services