Your code and data stay on your machine.
KB Labs runs on-prem by default, open source end-to-end, and never sends data without your explicit action. Everything below is verifiable in source.
What leaves your network.
Full data movement map — no "approximately" or "sometimes".
| Data type | Destination | Condition | Status |
|---|---|---|---|
| Source code | Your machine only | Never transmitted | On your machine |
| Workflow state | Your machine only | Never transmitted | On your machine |
| LLM prompts | Your chosen provider | Only when you trigger AI features | Sent with consent |
| Git diffs (demo) | Gateway proxy | Only in demo mode, opt-in | Sent with consent |
| Crash reports | Never collected | No error tracking | On your machine |
| Usage analytics | Never collected | No telemetry by default | On your machine |
| API keys | Local config only (0600) | Never logged or transmitted | On your machine |
Secure by default, not optional.
On-prem by default
KB Labs runs entirely on your infrastructure. No cloud dependency, no data leaving your network. You control where your code, workflow state, and logs are stored.
Consent-first data sharing
Nothing is sent externally without explicit user consent. The CLI installer asks before every network call. Demo mode offers three choices: gateway proxy, local only, or bring your own API key.
Open source & auditable
The entire platform is open source. Every line of code is auditable. No black boxes, no hidden telemetry, no trust-us-it's-safe. Verify it yourself.
Four layers of sandbox isolation.
A plugin cannot access resources it didn't declare in its manifest — that's a contract, not a recommendation.
Manifest declaration
Plugins declare required capabilities upfront. Runtime refuses undeclared access.
In-process isolation
Default mode. Plugin runs in the same process with permission enforcement via middleware.
Subprocess isolation
Plugin spawns in a child process. IPC-only communication, no shared memory.
Container isolation
Plugin runs in an OCI container. Full filesystem and network isolation.
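The deny-by-default check described under "Manifest declaration" and "In-process isolation", as an added example that is not KB Labs code. The manifest schema, the capability names (`fs.read`, `net.connect`) and the `CapabilityGuard` class are assumptions made for illustration.

```python
import posixpath

# Constructed manifest; the schema and capability names are assumptions.
MANIFEST = {
    "name": "example-plugin",
    "capabilities": {
        "fs.read": ["/workspace/src"],
        "net.connect": ["api.example.com:443"],
    },
}


class UndeclaredAccess(PermissionError):
    """Raised when a plugin requests something its manifest did not declare."""


class CapabilityGuard:
    def __init__(self, manifest):
        # Anything absent from the manifest is simply not granted.
        self._caps = manifest.get("capabilities", {})

    def check_fs(self, capability, path):
        # Collapse "." and ".." before comparing, so traversal cannot
        # escape a declared root. A real runtime must also resolve symlinks.
        norm = posixpath.normpath(path)
        if posixpath.isabs(norm):
            for root in self._caps.get(capability, []):
                root = posixpath.normpath(root)
                # Compare on a path-component boundary, not a raw prefix.
                if norm == root or norm.startswith(root.rstrip("/") + "/"):
                    return norm
        raise UndeclaredAccess(f"{capability} {path!r} not declared")

    def check_net(self, host, port):
        target = f"{host.lower()}:{port}"
        if target in self._caps.get("net.connect", []):
            return target
        raise UndeclaredAccess(f"net.connect {target!r} not declared")


def is_permitted(check, *args):
    """Return True if the guard allows the request, False if it refuses."""
    try:
        check(*args)
        return True
    except UndeclaredAccess:
        return False
```

The two cases worth testing in any real enforcement layer are the ones this guard refuses: a `..` sequence that walks out of a declared root, and a sibling directory that merely shares the root's prefix.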
Tokens live on your machine.
Gateway uses no centralized auth service — keys are generated and stored locally.
| Property | Value |
|---|---|
| Token scope | Device-scoped JWT |
| Token storage | Local file, 0600 permissions |
| Token sharing | Never shared across users |
| Auth method | JWT Bearer tokens |
| Key rotation | CLI command: `kb gateway rotate` |
| Revocation | Immediate, no TTL dependency |
Honest about certifications.
Early stage — no lies about status.
MIT-licensed. Full source code available on GitHub for audit and contribution.
Data processing agreement available on request for organizations that require it.
Role-based access control and SSO (SAML/OIDC) planned for Enterprise tier.
Found a vulnerability?
If you have found a vulnerability, contact us before public disclosure. We respond within 48 hours and publicly thank researchers after the fix ships.
Let's talk security.
If you have special security requirements or want to run an audit, reach out directly.