Goal
Do a focused privacy/security review before promoting the project beyond early OSS status.
Review Areas
- Codex auth read and refresh write-back.
- Claude file, environment, and Keychain credential paths.
- Local cache contents under Application Support.
- Diagnostic logging to /tmp/codex-usage-halo.log.
- Provider backoff and refresh behavior.
Done When
- docs/PRIVACY.md reflects the verified behavior.
- SECURITY.md reporting guidance is still accurate.
- No logs or cache paths include raw tokens or full credential payloads.
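One way to check the last "Done When" item against the diagnostic log and cache files, as an added example that is not part of the project's code. The regexes are assumed token shapes (JWT-like strings, Bearer headers, common OAuth field names), and the sample log lines are constructed.

```python
import re
import sys

# Assumed secret shapes, not taken from the project; extend them to match the
# token formats the Codex and Claude providers actually return.
PATTERNS = {
    "jwt": re.compile(r"\beyJ[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}"),
    "bearer": re.compile(r"(?i)\bbearer\s+[\w.~+/-]{20,}"),
    "token_field": re.compile(
        r"(?i)\"?(access_token|refresh_token|id_token|api_key)\"?"
        r"\s*[:=]\s*\"?[\w.~+/-]{20,}"
    ),
}

def scan_lines(lines, source="<memory>"):
    """Return (source, line_number, kind) per hit; matched text is never echoed."""
    findings = []
    for number, line in enumerate(lines, 1):
        for kind, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((source, number, kind))
    return findings

def scan_file(path):
    """Scan one log or cache file, tolerating undecodable bytes."""
    with open(path, "r", errors="replace") as handle:
        return scan_lines(handle, source=path)

# Constructed sample lines: two leak credential material, two are clean.
SAMPLE_LOG = [
    "2024-01-01T00:00:00Z refresh ok provider=codex expires_in=3600",
    "2024-01-01T00:00:01Z auth header: Bearer abcdefghijklmnopqrstuvwxyz012345",
    '2024-01-01T00:00:02Z wrote {"refresh_token": "rt_0123456789abcdefghijklmnop"}',
    "2024-01-01T00:00:03Z backoff provider=claude retry_in=30s token=[redacted]",
]

if __name__ == "__main__":
    # Usage: python scan.py /tmp/codex-usage-halo.log <cache files...>
    paths = sys.argv[1:]
    hits = [h for p in paths for h in scan_file(p)] if paths else scan_lines(SAMPLE_LOG)
    for source, number, kind in hits:
        print(f"{source}:{number}: possible {kind}")
    sys.exit(1 if hits else 0)
```

Passing a list of cache file paths to `scan_lines` as strings covers the "cache paths" half of the criterion with the same patterns.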