Security Model

Security Philosophy

ARX is designed with security as a first principle. The system operates entirely locally by default — your data, your AI model, and your server operations never leave your machine unless you explicitly enable features like the Playit tunnel.

Local-First Operation

• All AI processing runs locally through Ollama — no cloud API calls
• Server management operates entirely on your machine
• Dashboard is served locally, accessible only on your network by default
• No telemetry, analytics, or phone-home behavior

Command Execution Safety

ARX implements multiple layers of command execution safety to prevent unintended operations:

• Controlled command pathways: Only predefined, validated commands are executed
• OP-only execution boundaries: Server commands require operator-level permissions
• Explicit validation safeguards: Commands pass through validation before execution
• No arbitrary code execution: AI suggestions are validated, not auto-executed

Release Integrity

Every ARX release includes SHA-256 checksums so you can verify download authenticity:

# Download checksums
curl -fsSL https://arxmc.studio/checksums.txt -o checksums.txt
# Verify
sha256sum -c checksums.txt

See Release Verification for the complete guide.

Security Reporting

If you discover a security vulnerability, please report it responsibly by emailing security@arxmc.studio. Do not open public issues for security vulnerabilities.