🚧 Early alpha Under active construction. Everything here may change without notice — except the appcast URL. That one's forever.

Aetower

Trust

Security

Aetower is a local macOS observability tool. It can surface sensitive process, path, command, session, and host metadata, especially when the user enables optional integrations.

Supported channel

The current public channel is Developer Preview. Security fixes target the latest Developer Preview build only unless a separate support agreement says otherwise.

Reporting a vulnerability

Do not publish vulnerability details publicly before coordination.

Preferred private channel:

If that channel is unavailable, contact the project maintainer privately before opening a public issue. Public issues are acceptable only for non-sensitive bugs that do not include host metadata, logs, credentials, private paths, session names, process command lines, MCP output, or support-bundle excerpts.

Report:

Security boundaries

Release requirements

Public artifacts must pass the local pre-push gate, package smoke, release preflight, Gatekeeper verification, and Sparkle update verification from the previous build.

Questions this page answers

How do I report a security vulnerability in Aetower?

Use GitHub's private vulnerability reporting at github.com/schiste/Aetower/security/advisories/new, and do not publish details publicly before coordination.

Aetower is a free early-alpha download for macOS 14+ (Apple silicon).

Download for macOS