Enterprise · Security

Local by default.
Provable by design.

LeanCTX is built for your threat model: code never leaves the machine, boundaries are enforced in-process, and every action lands in a tamper-evident ledger you can verify without trusting us.

Controls

Six controls, one binary.

All controls run in-process in the same Rust binary that serves context: microseconds of overhead, no extra service, no agent that can be bypassed.

PathJail

Filesystem confinement

Agents read only inside allowed roots. Traversal attempts are blocked and logged, enforced at runtime.

Shell allowlist

Command governance

Dangerous commands are stopped before execution. The allowlist is explicit, versionable and auditable.

Secret redaction

Keys never reach models

Credentials and tokens are stripped from file and shell output before any model sees the content.

Injection detection

OWASP-aligned screening

Untrusted content (web pages, issues, third-party output) is screened for prompt-injection patterns before delivery.

Budgets

Spend under control

Per-role token budgets cap what an agent may consume, enforced in-process rather than in a dashboard after the fact.

Signed audit ledger

Tamper-evident history

Reads, commands and savings land in an Ed25519-signed, hash-chained local ledger. One command verifies the chain.

Data flow

What leaves the machine? Nothing. Verify it.

  • Zero telemetry. No usage pings, no crash reporting, no phone-home. The binary works identically with networking disabled.
  • Local state only. Cache, sessions, knowledge store and ledger are files under your home directory: inspectable, backupable, deletable.
  • Explicit egress. Network calls happen only where configuration enables them (e.g. a provider you connect). Each is subject to the same governance and audit.
  • Open source. The core is Apache-2.0, so your security team can read every code path instead of trusting a vendor PDF.
Verification

Don't trust. Verify.

# check the active security posture
$ lean-ctx doctor
# verify the signed ledger end to end
$ lean-ctx savings verify
# export a signed report for audit / finance
$ lean-ctx savings export

Engineering depth (sandboxing, the threat model, hardening checklist and disclosure policy) lives in the security documentation.

FAQ

What security teams ask.

Does LeanCTX send code or telemetry anywhere?

No. LeanCTX runs entirely on the developer machine with zero telemetry. Cache, knowledge store and audit ledger are local files. The only network egress is what your own configuration explicitly enables — and the audit trail records it.

How is the audit ledger protected against tampering?

Ledger entries are hash-chained and Ed25519-signed. Any modification breaks the chain. lean-ctx savings verify proves integrity end to end, and exports carry the signatures for external verification.

Can LeanCTX run air-gapped?

Yes. The binary operates fully offline: compression, cache, memory, search and the signed ledger are all local. Enterprise adds signed bundles and policy packs for offline distribution.

Bring your threat model.

A pilot includes a security review session: your policies, your boundaries, and a signed report of everything the agents read, ran and saved.

Book a pilot Security docs