# Security Review

## Scope

Project:

```text
Modrinth Plus
```

Reviewed version or commit:

```text
main
```

## Code Patterns Checked

- [ ] No `eval`.
- [ ] No dynamic `Function` constructor.
- [ ] No unsafe HTML injection.
- [ ] No unexpected shell execution.
- [x] External network calls documented for Connected Library.
- [x] No private Connected Library credentials are persisted in v1.
- [x] Connected Library requires HTTPS manifest and `.mrpack` URLs.
- [x] MrTrust signing secrets are expected only as Gitea Actions secrets.

## Dependency Review

Command:

```bash
pnpm --filter @modrinth/app-frontend run lint
cargo clippy --package theseus
```

Result:

```text
Pending successful Gitea Actions run.
```

## Runtime Review

- [x] Connected Library manifests are stored locally in SQLite.
- [x] Connected Library auto-update is disabled by default.
- [x] `GITEA_TOKEN` is only for local agent API checks, not runtime app use.
- [x] MrTrust signing does not bypass Defender, SmartScreen, UAC, or enterprise policy.
- [ ] Full Tauri runtime permission review pending.

## Release Notes

Known residual risks:

```text
Connected Library update behavior is conservative and does not yet implement strict removed-file sync.
Windows trust depends on publishing artifacts signed with the same certificate chain installed by MrTrust.
```