Runtime boundary
| Component | Runs at |
|---|---|
| Parakeet-TDT v3 | In-process MLX |
| Qwen3-ASR | In-process MLX |
| Kokoro TTS | In-process MLX |
| WhisperKit | localhost:50060 |
| Apple Intelligence | On-device |
| Ollama | localhost:11434 |
| LM Studio | localhost:1234 by default; private LAN allowed |
| History, config, backups | Local filesystem under ~/.whisper/ |
wh update, and wh doctor --fix can use the network to install packages, fetch models, or update the checkout.
Permissions
| Permission | Why | Scope |
|---|---|---|
| Microphone | Record voice for transcription | Active during recording |
| Accessibility | Detect global hotkey and text shortcuts | Monitors key events for configured shortcuts |
Audio lifecycle
- Local Whisper records a temporary WAV file under
~/.whisper/. - The selected local engine transcribes the audio.
- Grammar text is sent only to the selected local, on-device, localhost, or private LAN backend when grammar is enabled.
- The result is copied to the clipboard for double-tap dictation, or pasted at the cursor for hold-to-record and auto-paste dictation.
- Audio is retained under
~/.whisper/for backup according to history settings.
Vulnerability reporting
Report vulnerabilities privately through GitHub private vulnerability reporting:- Issues requiring physical access to the machine
- Issues requiring the user to grant Accessibility or Microphone permission to a malicious process
- Prompt injection via grammar backend responses, because Local Whisper copies text and does not execute it