Security
Security features and protections built into whisp.
Whisp includes multiple security layers to protect your data and prevent accidental damage.
Secret Redaction
Before sending any data to AI providers, whisp automatically redacts sensitive information. This happens on all context sent to the LLM, including recent commands, stderr output, and piped input.
Redacted Patterns
| Pattern | Example | Replacement |
|---|---|---|
| OpenAI API keys | sk-abc123... | ***OPENAI_KEY*** |
| Anthropic API keys | sk-ant-abc123... | ***ANTHROPIC_KEY*** |
| AWS Access Key IDs | AKIA1234567890123456 | ***AWS_ACCESS_KEY*** |
| AWS Secret Access Keys | aws_secret_access_key=... | aws_secret_access_key=***REDACTED*** |
| GitHub tokens | ghp_xxxx..., gho_xxxx... | ***GITHUB_TOKEN*** |
| GitLab tokens | glpat-xxxx... | ***GITLAB_TOKEN*** |
| Stripe secret keys | sk_live_xxxx..., sk_test_xxxx... | ***STRIPE_SECRET*** |
| Stripe public keys | pk_live_xxxx..., pk_test_xxxx... | ***STRIPE_PUBLIC*** |
| Bearer tokens | Bearer eyJhbGc... | Bearer ***REDACTED*** |
| Generic API keys | api_key=xxxx | api_key=***REDACTED*** |
| Passwords/secrets | password=xxxx, secret=xxxx | password=***REDACTED*** |
| Database URLs | postgres://user:pass@host | postgres://***:***@host |
| PEM private keys | -----BEGIN RSA PRIVATE KEY----- | ***PRIVATE_KEY*** |
| Slack tokens | xoxb-xxxx... | ***SLACK_TOKEN*** |
| Discord tokens | Token pattern | ***DISCORD_TOKEN*** |
| NPM tokens | npm_xxxx... | ***NPM_TOKEN*** |
| Heroku API keys | heroku_api_key=xxxx | ***HEROKU_KEY*** |
Patterns are compiled once and cached for performance. Redaction is applied before:
- Sending context to the AI provider
- Storing commands in history
- Logging error information
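An added Python example of ordered, precompiled redaction over a subset of the table above. It is not whisp's own code; the regular expressions, token lengths and the constructed sample context are assumptions made for illustration.

```python
import re

# (pattern, replacement) pairs compiled once at import. Order matters:
# "sk-ant-..." also begins with "sk-", so the Anthropic rule runs first.
# Token lengths and character classes here are assumptions.
_RULES = [(re.compile(p), r) for p, r in [
    (r"\bsk-ant-[A-Za-z0-9_-]{8,}", "***ANTHROPIC_KEY***"),
    (r"\bsk-[A-Za-z0-9_-]{8,}", "***OPENAI_KEY***"),
    (r"\bAKIA[0-9A-Z]{16}\b", "***AWS_ACCESS_KEY***"),
    (r"\bgh[po]_[A-Za-z0-9]{8,}", "***GITHUB_TOKEN***"),
    (r"\bBearer\s+[A-Za-z0-9._~+/=-]+", "Bearer ***REDACTED***"),
    (r"(?i)\b(api_key|password|secret)=\S+", r"\1=***REDACTED***"),
    (r"\b(postgres)://[^:/\s@]+:[^@\s]+@", r"\1://***:***@"),
]]

def redact(text: str) -> str:
    """Apply every rule in order and return the redacted text."""
    for pattern, replacement in _RULES:
        text = pattern.sub(replacement, text)
    return text

# Constructed sample of shell context (recent commands plus stderr).
SAMPLE_CONTEXT = "\n".join([
    "$ export ANTHROPIC_API_KEY=sk-ant-EXAMPLEONLY0000",
    "$ curl -H 'Authorization: Bearer eyJhbGciOi.EXAMPLE.sig' https://api.example.test",
    "$ psql postgres://app:hunter2@db.example.test/prod",
    "error: login failed for password=hunter2",
    "$ aws configure set aws_access_key_id AKIAEXAMPLE000000000",
])

if __name__ == "__main__":
    print(redact(SAMPLE_CONTEXT))
```

Running redaction twice gives the same output as running it once, which matters when the same text passes through more than one of the three redaction points listed above.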
Destructive Command Detection
Whisp detects potentially dangerous commands and requires confirmation before adding them to your shell history.
Detected Patterns
File Deletion:
- rm -rf, rm -fr, rm -r
- rm -rf /, rm -rf /*, rm -rf ~, rm -rf *
- sudo rm -rf
Disk Operations:
- dd if= (disk duplication)
- mkfs, mkfs. (filesystem creation, e.g., mkfs.ext4, mkfs.xfs)
- sudo mkfs (filesystem creation with root privileges)
- wipefs (filesystem wiping)
- shred (secure file deletion)
- > /dev/sd* (raw disk writes)
System Modification:
- chmod -R 777 /, chmod 777 /
- mv /*, mv /
Dangerous Constructs:
- :(){:|:&};: (fork bomb)
- :(){ :|:& };: (fork bomb with spaces)
- > /dev/null 2>&1 & (suspicious background operation)
Sudo Prefixes:
- sudo rm -rf /
- sudo dd
- sudo mkfs
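An added Python example of a detector for the patterns listed above. It is not whisp's own code: it goes beyond plain pattern matching by tokenizing each command segment, so flag order, a sudo prefix and chained commands are handled, and that design is an assumption.

```python
import re
import shlex

def _segment_is_destructive(words):
    while words and words[0] == "sudo":        # sudo does not change the verdict
        words = words[1:]
    if not words:
        return False
    prog, args = words[0], words[1:]
    flags = "".join(a[1:] for a in args if re.fullmatch(r"-[A-Za-z]+", a))
    targets = [a for a in args if not a.startswith("-")]
    if prog == "rm":                           # -r, -rf, -fr, -R, --recursive
        return "r" in flags.lower() or "--recursive" in args
    if prog == "dd":
        return any(a.startswith("if=") for a in args)
    if prog in ("wipefs", "shred") or prog == "mkfs" or prog.startswith("mkfs."):
        return True
    if prog == "chmod":
        return "777" in targets and "/" in targets
    if prog == "mv":
        return targets[:1] in (["/"], ["/*"])
    return False

def is_destructive(command: str) -> bool:
    """True when the command should go through the confirmation prompt."""
    if ":(){:|:&};:" in re.sub(r"\s+", "", command):   # fork bomb, any spacing
        return True
    if re.search(r">\s*/dev/sd", command):             # raw disk write
        return True
    if re.search(r">\s*/dev/null\s+2>&1\s*&\s*$", command):  # silent background job
        return True
    # Check every command in a chain or pipeline, not only the first one.
    for segment in re.split(r"&&|\|\||[;|]", command):
        try:
            words = shlex.split(segment)
        except ValueError:    # unbalanced quotes: cannot analyse, so ask the user
            return True
        if _segment_is_destructive(words):
            return True
    return False

if __name__ == "__main__":
    for cmd in ("rm -rf ./build", "echo 'rm -rf /'", "cd /tmp && rm -r old"):
        print(f"{cmd!r}: {is_destructive(cmd)}")
```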
Confirmation Flow
When a destructive command is detected:
→ rm -rf ./build
⚠ Warning: This command may be destructive. Please review carefully.
Add to history? [y/N]
Only confirmed commands are added to shell history.
Disabling Confirmation
# Per-session
export WHISP_CONFIRM_DESTRUCTIVE=false
# Or per-command (not recommended)
WHISP_CONFIRM_DESTRUCTIVE=false , delete all temp files
File Permissions
Whisp uses restrictive file permissions to protect sensitive data.
| File | Permissions | Purpose |
|---|---|---|
| ~/.config/whisp/config.toml | 0600 | Contains API keys |
| /tmp/whisp.sock | 0700 | Unix socket for IPC |
| /tmp/whisp.pid | 0600 | Daemon PID file |
| ~/.whisp/history.jsonl | 0600 | Command history |
| Session temp files | 0600 | Per-session command storage |
Config File Warning
If your config file has unsafe permissions, whisp warns you:
Warning: ~/.config/whisp/config.toml has unsafe permissions (mode 644).
This file contains API keys. Consider: chmod 600 ~/.config/whisp/config.toml
Fix with:
chmod 600 ~/.config/whisp/config.toml
Socket Security
The daemon socket is created with secure permissions:
- Umask: Socket created with umask 0077 (owner-only access)
- Atomic creation: Permissions set during socket bind, not after
- Cleanup: Stale sockets removed before binding
This prevents other users on the system from connecting to your whisp daemon.
Connection Limits
The daemon limits concurrent connections to prevent resource exhaustion:
Maximum concurrent connections: 100
When the limit is reached, new connections wait until a slot becomes available.
PID File Locking
The daemon uses exclusive file locking on the PID file:
- Prevents multiple daemon instances
- Uses flock for atomic locking
- Automatically cleaned up on shutdown
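An added Python example covering both the Socket Security and PID File Locking sections: the PID lock is taken first, so removing a stale socket cannot unlink the socket of a live daemon, and the socket is bound under umask 0077. It is not whisp's own code; the function names and the temporary directory standing in for the runtime paths are assumptions.

```python
import fcntl
import os
import socket
import stat
import tempfile

def acquire_pid_lock(pid_path: str) -> int:
    """Take an exclusive, non-blocking flock on the PID file and return its fd."""
    fd = os.open(pid_path, os.O_RDWR | os.O_CREAT, 0o600)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
    except BlockingIOError:
        os.close(fd)
        raise RuntimeError("another daemon instance holds the PID lock")
    os.ftruncate(fd, 0)                  # only the lock holder rewrites the PID
    os.write(fd, f"{os.getpid()}\n".encode())
    return fd                            # closing this fd releases the lock

def bind_private_socket(sock_path: str) -> socket.socket:
    """Bind a Unix socket that is owner-only from the moment it exists."""
    if os.path.lexists(sock_path):
        os.unlink(sock_path)             # stale socket; safe because we hold the lock
    old_umask = os.umask(0o077)          # bind() creates the inode under this mask
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(sock_path)
    finally:
        os.umask(old_umask)
    srv.listen()
    return srv

def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:   # stand-in for the runtime dir
        pid_path, sock_path = os.path.join(d, "whisp.pid"), os.path.join(d, "whisp.sock")
        lock_fd = acquire_pid_lock(pid_path)   # lock first, then touch the socket
        srv = bind_private_socket(sock_path)
        try:
            os.close(acquire_pid_lock(pid_path))
            second = "started"
        except RuntimeError:
            second = "refused"
        result = {"socket_mode": oct(stat.S_IMODE(os.stat(sock_path).st_mode)),
                  "second_instance": second}
        srv.close()
        os.close(lock_fd)
        return result

if __name__ == "__main__":
    print(demo())
```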
Audit Trail
All whisp interactions are logged to ~/.whisp/history.jsonl:
- Secrets redacted: API keys and passwords removed before logging
- Rotation: Automatically rotates at 10MB, keeps 3 files (~40MB total)
- Permissions: Log file created with 0600 permissions
- Atomic writes: Uses file locking for safe concurrent access
What's Logged
Each entry includes:
- Timestamp
- Session ID
- Command/query
- Working directory
- AI response
- Token usage
- Duration
Sensitive data is redacted before logging.
Shell Integration Security
Session Isolation
Each shell session gets a unique session ID (16-character alphanumeric):
echo $WHISP_SESSION_ID
# a1b2c3d4e5f6g7h8
Session IDs are generated by the Rust binary using secure random generation.
Command Validation
Before executing the ,! (run last) command, whisp validates:
- Temp file exists
- File owner matches current user UID
- File permissions are correct
This prevents privilege escalation attacks via temp file manipulation.
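An added Python example of the three checks above, done on an open file descriptor so the file that is checked is the file that is read. It is not whisp's own code; the function names and the constructed test files are assumptions, and the required mode of 0600 is taken from the permissions table.

```python
import os
import stat
import tempfile

def open_validated(path: str, required_mode: int = 0o600) -> int:
    """Open path read-only and return the fd only if every check passes."""
    # O_NOFOLLOW rejects a symlink planted at the path; O_NONBLOCK keeps a
    # planted FIFO from hanging the shell. The checks use fstat on the open
    # descriptor, so the file cannot be swapped between check and read.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        st = os.fstat(fd)
        mode = stat.S_IMODE(st.st_mode)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != os.geteuid():
            raise PermissionError(f"{path}: owned by uid {st.st_uid}")
        if mode != required_mode:
            raise PermissionError(f"{path}: mode {mode:04o}, expected {required_mode:04o}")
    except Exception:
        os.close(fd)
        raise
    return fd

def check_cases() -> dict:
    """Run the validator over constructed files; returns case name -> outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        paths = {n: os.path.join(d, n) for n in ("good", "loose", "symlink", "missing")}
        for name, mode in (("good", 0o600), ("loose", 0o644)):
            with open(paths[name], "w") as f:
                f.write("ls -la\n")
            os.chmod(paths[name], mode)
        os.symlink(paths["good"], paths["symlink"])
        for name, path in paths.items():
            try:
                os.close(open_validated(path))
                results[name] = "ok"
            except OSError as exc:
                results[name] = type(exc).__name__
    return results

if __name__ == "__main__":
    print(check_cases())
```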
Network Security
API Communication
- All provider APIs use HTTPS
- No sensitive data logged in requests
- Errors don't expose API keys
Local Ollama
When using Ollama:
- Communication stays on localhost
- No external network requests
- API keys not required
Best Practices
- Keep config secure: chmod 600 ~/.config/whisp/config.toml
- Use environment variables: Set API keys via env vars instead of config file
- Review destructive commands: Don't disable confirmation prompts
- Monitor usage: Check whisp metrics for unexpected activity
- Keep updated: Run whisp update --check periodically