Security

Honest aboutwhat we can and cannot see.

No marketing absolutes. Here is exactly how the connection works, who holds the keys, and what the relay does and does not have access to.

Trust model
Outbound-only · you hold the keys · self-host
The trust model in practice — allow / ask-first / deny rules, a live prompt, and an audit trail

Outbound-only

Your machines dial the relay. Nothing listens for inbound connections, so there are no open ports to scan or exploit and no firewall holes to punch.

You hold the keys

Credentials and provider keys live on your machines and in your accounts, not baked into the agent. Revoke a machine and its access is gone.

Self-hostable relay

The agent and the relay that coordinates them are open source under Apache 2.0. Run the relay on your own infrastructure and no traffic touches our servers.

What the relay can see

  • That a machine is online and reachable, for presence and routing.
  • Messages it routes between you and your machines while it relays them.
  • On the hosted plan, metadata needed to meter fleet usage and run Jarvis.

What it does not do

  • It does not store your machine credentials — those stay on the machines.
  • It does not need root on your machines; the agent runs as your user.
  • Self-host the relay and we see nothing at all — it never reaches us.

Verify it yourself

01Watch the network — the agent only makes outbound connections.
02Check the process — it runs as your user, not root.
03Read the source — the agent and relay are open source.
04Self-host the relay and route zero traffic through us.

See it in action

Chat with a machine in under a minute.

DownloadHow it works