Skip to content

Commit ef3cc60

Browse files
shockalotticlaude
andcommitted
docs(audit): tighten meeting-content-egress claim per Layer 2 findings
A full adversarial audit pass (six parallel agents against audit/prompts/prompt-pack.md) found the claim's headline sentence misleading on two points, even though both were already disclosed in the caveat text: 1. The notetaker sends full transcript text to the configured BYO-LLM for summarization, not just recorded audio to Deepgram — a second real destination for meeting content that the headline omitted. 2. LiveKit is listed under "meeting links" alongside Zoom, but if an operator points it at LiveKit Cloud instead of self-hosting, live meeting audio/video transits LiveKit Cloud's infrastructure for the call's duration — a materially different claim than a Zoom join-link, which never touches Calnode's or a third party's media pipeline at all. Rewrote the claim's headline to name both real destinations up front, and gave LiveKit Cloud its own explicit paragraph in the caveat rather than a one-line bullet next to Zoom, framing it the same way as a self-hosted-vs-managed-database choice: identical code path, operator draws the trust boundary. No code changes — this is a wording-accuracy fix surfaced by the audit, not a new vulnerability. The 9 real code-level findings from this audit pass (SSRF gaps in CalDAV/LLM/LiveKit config, a cross-host meeting-content leak in notetaker_http.go, a booking-creation validation gap, an MCP consent CSRF gap, and others) are tracked separately, pending a scoping decision on which to fix first. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent f67a7c9 commit ef3cc60

1 file changed

Lines changed: 24 additions & 10 deletions

File tree

audit/claims.yaml

Lines changed: 24 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -54,12 +54,19 @@ claims:
5454
5555
- id: meeting-content-egress
5656
claim: >
57-
Meeting CONTENT — recorded audio and transcripts — never leaves your
58-
infrastructure except to Deepgram, and only when you explicitly enable the
59-
optional notetaker feature.
57+
Meeting CONTENT — recorded audio and transcripts — only ever leaves your
58+
infrastructure to services you explicitly configure: Deepgram (audio, if you
59+
enable the notetaker) and your own BYO-LLM endpoint (transcript text, for the
60+
same notetaker's summary step). Nothing carries meeting content by default.
6061
verify:
6162
- "grep -rn 'api.deepgram.com' internal/ — the single outbound call site
62-
that receives recorded audio (internal/stt/deepgram.go)."
63+
that receives recorded audio (internal/stt/deepgram.go). Calnode hands
64+
Deepgram a presigned, time-limited GET URL into your own bucket rather
65+
than uploading the file itself — Deepgram's servers fetch it."
66+
- "internal/handler/notetaker.go — the summarize step sends the full
67+
transcript text to h.getLLM() (your configured BYO-LLM endpoint), the same
68+
client used by the conversational booking assistant. See
69+
internal/llm/client.go."
6370
- "Recordings themselves go to YOUR OWN S3-compatible bucket (LITESTREAM_*
6471
env vars), never to Calnode or any third party — see
6572
internal/handler/livekit_recording.go and migration 00043."
@@ -73,16 +80,23 @@ claims:
7380
that carry no meeting content:
7481
- Calendar sync: Google Calendar, Microsoft Graph/Teams, CalDAV providers
7582
(iCloud, Fastmail, Nextcloud, etc.) — internal/gcal, internal/calendar.
76-
- Meeting links: Zoom (per-host OAuth), LiveKit — either self-hosted or
77-
LiveKit Cloud, an operator choice, not a Calnode-run service.
83+
- Meeting links: Zoom (per-host OAuth) — meeting metadata only (topic,
84+
time); Zoom's own infrastructure handles Zoom-call audio, outside
85+
Calnode's process entirely.
7886
- Payments: Stripe, for paid bookings.
7987
- Optional analytics: GA4/GTM, native and consent-gated (see
8088
cookie-consent-gated-analytics below) — off by default, and even when on,
8189
carries no meeting content.
82-
- BYO-LLM: your configured LLM endpoint (default api.openai.com, fully
83-
swappable to any OpenAI-compatible provider) receives booking constraints
84-
and, for the notetaker, transcript text to summarize — never raw calendar
85-
data. See llm-no-raw-calendar-data below.
90+
LiveKit (built-in video) is the one integration where "leaves your
91+
infrastructure" depends entirely on an operator choice made at setup, not a
92+
Calnode default: if you point it at a self-hosted LiveKit server, live
93+
meeting audio/video never leaves infrastructure you control. If you point it
94+
at LiveKit Cloud instead, live meeting media transits LiveKit Cloud's
95+
infrastructure for the duration of the call — a third party beyond Deepgram/
96+
your BYO-LLM, and beyond what this claim's headline sentence alone would
97+
suggest. This is exactly analogous to choosing a self-hosted vs. managed
98+
database: Calnode's code path is identical either way, but the trust boundary
99+
is drawn by your own infrastructure choice, not by the code.
86100
A skeptical reader should verify this list is exhaustive themselves — that's
87101
exactly what the adversarial prompt above is for.
88102

0 commit comments

Comments
 (0)