
Security Model

How CoreLayer protects your data and controls tool execution.

CoreLayer is designed with a local-first, permission-controlled security model.

Core Principles

  1. Local-first — data stays on your machine by default
  2. Permission-controlled — tool execution requires explicit policies
  3. Auditable — all actions are logged
  4. Visible — nothing happens without you knowing

Data Security

Local Storage

By default, all data is stored in a local SQLite database:

  • Conversations
  • Tasks and reading lists
  • Audit logs
  • Model configurations
  • User preferences

The database file is stored in the user's application data directory and is not transmitted anywhere.

Optional Cloud Sync

When Supabase is enabled:

  • Data is encrypted in transit (HTTPS)
  • Supabase handles encryption at rest
  • You control the Supabase project and its access policies

API Keys

  • Stored in the local config file
  • Can reference environment variables
  • Never transmitted to CoreLayer's own servers
  • Only sent to the configured AI provider

Tool Execution Security

Permission Guard

Every tool call goes through the Permission Guard:

Tool call → Risk classification → Policy check → Execute or block

Risk Levels

Level                  Auto-Execute?            Examples
Read                   Yes                      List files, read data
Write                  No (confirm)             Create/modify files
External               No (confirm)             API calls
Destructive            No (confirm + warning)   Delete data
Credential-sensitive   No (block)               Access tokens

Audit Trail

Every tool execution is logged with:

  • Timestamp
  • Tool name and source
  • Parameters (sanitized)
  • Risk level
  • User decision
  • Execution result
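The Permission Guard pipeline above (risk classification, policy check, sanitized audit record) as a small added example in Rust; this is illustrative code, not CoreLayer's own implementation, and the tool names (fs.delete, http.request, ...), parameter keys and the secret-word heuristic are assumptions.

```rust
// Added example (not CoreLayer's code): a toy Permission Guard pipeline.
// Tool names, parameter keys and the classification rules below are assumptions.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Risk { Read, Write, External, Destructive, CredentialSensitive }
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Decision { Execute, Confirm, ConfirmWithWarning, Block }

// Assumed heuristic: substrings that mark a parameter key or value as credential-related.
const SECRET_HINTS: [&str; 4] = ["token", "secret", "api_key", "password"];

/// Step 1: risk classification. Credential hints are checked first so a plain
/// "read" of a token file is still treated as credential-sensitive, not Read.
pub fn classify(tool: &str, params: &[(&str, &str)]) -> Risk {
    let touches_secret = params.iter().any(|(k, v)| {
        let s = format!("{} {}", k, v).to_ascii_lowercase();
        SECRET_HINTS.iter().any(|w| s.contains(*w))
    });
    if touches_secret { return Risk::CredentialSensitive; }
    match tool {
        "fs.delete" | "db.drop" => Risk::Destructive,
        "http.request" | "mcp.call" => Risk::External,
        "fs.write" | "fs.create" => Risk::Write,
        _ => Risk::Read,
    }
}

/// Step 2: policy check mirroring the risk-level table: only Read auto-executes.
pub fn policy(risk: Risk) -> Decision {
    match risk {
        Risk::Read => Decision::Execute,
        Risk::Write | Risk::External => Decision::Confirm,
        Risk::Destructive => Decision::ConfirmWithWarning,
        Risk::CredentialSensitive => Decision::Block,
    }
}

/// Step 3: audit record with sanitized parameters (values under secret-looking keys redacted).
pub fn audit_line(tool: &str, params: &[(&str, &str)], risk: Risk, d: Decision) -> String {
    let sanitized: Vec<String> = params.iter().map(|(k, v)| {
        let kl = k.to_ascii_lowercase();
        if SECRET_HINTS.iter().any(|w| kl.contains(*w)) { format!("{}=<redacted>", k) }
        else { format!("{}={}", k, v) }
    }).collect();
    format!("tool={} risk={:?} decision={:?} params=[{}]", tool, risk, d, sanitized.join(","))
}

fn main() {
    let p = [("path", "/tmp/notes.txt")]; // constructed sample call
    let r = classify("fs.delete", &p);
    println!("{}", audit_line("fs.delete", &p, r, policy(r)));
}
```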

Network Security

Localhost Only

The daemon API is only accessible from localhost:

  • Not exposed to the network
  • No remote access by default
  • Tauri IPC is local only

External Connections

CoreLayer only connects to:

  • AI providers you configure (Groq, OpenRouter, etc.)
  • MCP servers you add
  • Supabase if you enable cloud sync

No telemetry, analytics, or phone-home connections.

Tauri Security

Tauri provides additional security:

  • Sandboxed webview — frontend can't access system directly
  • IPC whitelist — only registered commands are allowed
  • Process isolation — daemon runs as separate process

Threat Model

Threat                   Mitigation
Malicious tool call      Permission Guard + audit log
Data exfiltration        Local-first storage, no telemetry
Unauthorized access      Localhost-only API
Model prompt injection   Tool parameter validation, risk classification, Permission Guard confirmation for non-read calls
Compromised MCP server   Permission Guard blocks risky calls
