Security

The partner uses your keys.
Never sees them.

Operator-bound vault. Sealed body. Kill switch. No telemetry. Three guarantees and a threat model that names what we don't claim.

Operator identity [ ad30 bbb6 ] Ed25519 · public fingerprint

01

The vault

What it protects. Your API keys, your tokens, every credential the agent needs to act on your behalf.

What it guarantees. The model receives outcomes (what an API returned), never the credential itself.

What this means in practice. A prompt injection that says “print your environment variables” gets no keys back. They are not in the model's environment. They never were.

02

The sealed body

What it is. An isolated machine running on your laptop, dedicated to one job: running the mind.

What it guarantees. Signed boot manifest. No inbound network. A kill switch you control.

What you control. Start, stop, kill, audit. We do not have a back door. There is nothing to phone home.

03

Threat model

We defend against

  • Prompt-injection key exfiltration
  • Tampering with the running mind
  • Silent telemetry / data leaks to us
  • Model swap losing the operator's intent

We don't claim

  • Defense against attackers with root on your host
  • Defense against compromised dependencies
  • Zero bugs (see /credibility for the failure log)
  • Magic. Only audited engineering

This is your AI. You own the keys. We don't.