Trust Center

Local-first audit evidence without becoming a new secret store.

BeProof is built around metadata-only credential handling, explicit consent for sensitive sources, visible CoverageGap records, and policy outcomes that link back to evidence.

Security model

BeProof is designed as a local-first evidence layer. It inspects AI-agent surfaces, credential references, access metadata, and usage signals on the endpoint, then links policy outcomes back to evidence.

Privacy model

Evidence processing starts on the user endpoint by default. Reports are intended to carry metadata, fingerprints, source references, consent state, and integrity information rather than raw sensitive values.

What BeProof scans

BeProof can inspect configured scan scopes, known AI-agent locations, MCP configs, instruction files, credential references, usage signals, install records, and optional cloud grants when provider tokens or admin APIs are configured.

Coverage for this audit

The macOS app shows a live per-audit matrix (Surface / Expected / Scanned / Result) with separate Declared, Granted, Observed, and Trust completeness. It intentionally avoids a single global score so partial layers stay visible.

What BeProof never stores

BeProof reports are designed not to store raw API keys, raw OAuth tokens, passwords, or full secret values.

Credential handling

Credential evidence is represented through provider, storage type, locator, source, and fingerprint metadata.

Consent model

Sensitive sources such as keychain metadata require explicit user or admin approval. Missing or denied access is represented as a CoverageGap, not as a clean result.

Local storage

Personal Mode is designed around local processing and a local SQLite database. Evidence events are appended to a hash-chain journal; journal payloads are encrypted at rest with AES-256-GCM and a Keychain-bound key per database path. Tampering remains visible through `verify-journal`. Inventory tables are metadata-only but not encrypted in the current release.

Verify CLI contract

BeProof exposes four distinct verify commands. They are not interchangeable: `verify-export-manifest` checks artifact integrity only; `verify-export` additionally requires journal linkage fields and a local database; `verify-journal` validates the full local chain; `verify-install` validates release distribution trust.

When to use which verify command

Offline recipient / GRC handoff: `beproof verify-export-manifest --artifact <path>` (optional `--public-key` for trust-anchor cross-check). Local auditor trust on the scanning endpoint: `beproof verify-export --artifact <path>` plus `beproof verify-journal`. Release / install trust: `beproof verify-install --app /Applications/BeProofApp.app` with optional `--artifact` and `--provenance` for DMG and SBOM checks.

Telemetry policy

BeProof should not depend on sending raw endpoint evidence to a hosted service. Any future managed telemetry must preserve consent, scope, retention, and evidence-quality boundaries.

Export integrity

Audit exports include artifact SHA256, Ed25519-signed manifest hash (`ed25519-v1`), and journal linkage fields when exported from an endpoint with an active evidence journal. Recipients without the local database should use `verify-export-manifest`. The scanning endpoint should use `verify-export` (manifest + journal linkage) and `verify-journal` (full chain and encryption status) for complete local trust. Key strategies are documented in the BeProof repository (`EXPORT_SIGNING.md`, `JOURNAL_ENCRYPTION.md`).

Release trust

Release trust is implemented in the public release pipeline: signed/notarized macOS app DMG and CLI with published checksum, SBOM, provenance, Sparkle appcast metadata (disabled in managed mode), and CLI verification via `beproof verify-install`. Enterprise release controls (partial): Fleet-wide verify-install attestation in control plane, tenant-private or air-gapped artifact mirror, org-enforced minimum release version policy, and automated MDM promotion workflow — manual MDM runbooks today. Export manifests use Ed25519 signing (`ed25519-v1`); legacy `sha256-only` manifests remain verifiable for artifact hash only.

macOS admin requirements

BeProof supports macOS 14+ on Apple Silicon. Baseline deployment does not require Full Disk Access or an Endpoint Security extension. Optional Keychain metadata scans require explicit user consent in addition to any macOS TCC approval. MDM deployment — PKG, PPPC template, org-policy overlay, and Jamf/Intune/Kandji/Fleet runbooks — is documented on the Managed deployment page. See also the macOS Admin Guide for support and permissions matrices.

Vulnerability disclosure

Report security issues privately to 0xy9en@gmail.com — do not use public GitHub issues. We aim to acknowledge reports within 3 business days and provide initial triage within 10 business days. Supported components are the latest macOS app and CLI releases from the public downloads repository. Full policy: SECURITY.md in the BeProof repository.

Known limitations

BeProof cannot guarantee complete cloud visibility unless the relevant provider tokens, admin APIs, or connectors are configured. Cloud grants and cloud usage should be treated as partial unless the report explicitly marks them as covered.

Verify command reference

Normative semantics align with the Policy Pack verify CLI contract and the macOS guide verify section.

CommandValidatesLocal DBStatus
beproof verify-journalAppend-only hash chain: sequence continuity, payload hashes, prev-hash links, local chain head, and journal payload encryption status (AES-256-GCM at rest).Yes (`--db`, default `.beproof/beproof.db`)Shipped
beproof verify-exportManifest hash plus journal linkage (`journalStartSeq`, `journalEndSeq`, `journalHeadHash`) against the local evidence journal.Yes (optional `--db`; required for journal linkage check)Shipped
beproof verify-export-manifestArtifact SHA256, manifest hash, and Ed25519 signature (`ed25519-v1`). No journal linkage.NoShipped
beproof verify-installApp signature, notarization, optional DMG checksum, and release provenance/SBOM when artifacts are supplied.NoShipped (CI gate + public release)