Only the latest release receives security fixes.
| Version | Supported |
|---|---|
| Latest release | Yes |
| Older releases | No |
Please do not open a public GitHub issue for security vulnerabilities.
Report privately via GitHub Security Advisories or contact @y3owk1n.
mimi requires macOS Accessibility permission for:
mimi actioncommands (window focus, space switching, move window)- Window hooks (
on_window_*)
With Accessibility granted, mimi can read window metadata and synthesize input events for space switching. It does not record, transmit, or log UI content beyond what hooks need.
Workspace hooks (on_workspace_changed) do not require Accessibility.
mimi makes no outbound network connections, sends no telemetry, and does not phone home.
Native code lives in internal/native/. Space and window-to-space features use undocumented SkyLight private APIs. Report memory-safety issues in this layer promptly.
Hooks run shell commands with the daemon's user privileges. Do not put untrusted content into hook commands or config files.
mimi action space and mimi action move_window_to_space use reverse-engineered private macOS APIs. They may break on OS updates and are not security-reviewed by Apple.