Trust · Security
Security isn't a feature here. It's the architecture.
Kansei runs autonomous coding agents on your own machine. That only works if the design earns your trust — so your code, your prompts, and your provider keys never have to leave your computer at all. Here's exactly how that holds up.
of your source code or prompts ever reach Uplift servers.
Inference goes straight from your machine to the providers you connect.
Every build will be code-signed and checksum-verifiable before it ships.
Architecture commitments are shown here; public signing and checksum artifacts are deferred until the first signed build.
Where your data goes
Follow the data. Most of it never moves.
The sensitive things stay on your machine. What leaves is content-free service metadata — who's coordinating with whom, model and usage counts — plus your account details. Never your code, prompts, or responses.
Yours by design
Six guarantees, structural — not bolted on.
Your work stays local
Code, prompts, and model responses never touch our cloud. Agents connect straight to your providers.
Never proxied
Bring the subscriptions you already pay for; your inference goes straight to your providers. Kansei never sees or relays your prompts or responses — account-backed service metering records only content-free usage totals for your dashboard and service protection.
Approved by code
A new device joins only when you match a code shown on it — over an encrypted tunnel to your machine, never through ours.
Blind by construction
The coordination layer never receives your code, prompts, or responses. It works from workflow signals — who's waiting on whom, model and token counts — never from what you're building.
Only authorized sessions reach in
A session can be messaged or woken only by others you've authorized. Nothing outside your team can interrupt.
On hardware you control
Your compute, your credentials, your machine. The leverage is real, and it's entirely yours.
Control the autonomy
Agents act on their own — within limits you set.
Unattended runs are powerful, so every agent operates inside guardrails you define. You can step in, scope down, or stop the whole fleet at any moment.
Scope it before it runs
Pick each agent's permission mode, allow or deny tools by name, and sandbox Codex sessions read-only or workspace-only — before it starts.
Isolated working copies
Run agents in their own git worktrees — separate branch and checkout — so work never touches your main tree. Codex sessions add OS-level read-only or workspace bounds.
Review before it lands
Pair agents drafter-and-reviewer so a second one signs off before the PR opens. Branch protection stays with your git host; Kansei adds the review step.
Steer or stop, instantly
Jump into any session mid-run — redirect it, take over, or kill it outright — from your desktop or your phone.
A local record on your machine
Agent conversations and tool calls, plus session lifecycle, are logged locally so you can see what happened and why.
Works the way you already work
Agents operate inside Git, so review, diff, and rollback are exactly the tools you already trust.
Identity, not surveillance
A fleet this powerful needs a lock on the front door.
Your agents hold your provider keys, read your repositories, and can run unattended for hours — enormous leverage you don't want available to anyone who simply installed the app. Authentication is that lock: it binds that power to an identity you control, so it works for you and no one else. We verify who's at the door, never what you're building.
Your keys and code can't be wielded by anyone else
Agents carry your provider keys and read your repositories — so that power is gated. Your account decides what runs; your approval decides which devices connect; your keys never leave your machine. Installing the app grants none of it.
Always yours to undo
Every paired device in one place. Remove any you don't recognize — or reset them all at once, and old keys and sessions stop working immediately.
Every run has a name on it
Because each session is tied to an identity, your local audit log shows who set an agent loose — not just what it did. Real accountability when more than one person can drive the fleet.
Running agents needs a valid account, so your sign-in is the one thing Kansei checks with us. But it carries identity, not content: your code, prompts, and provider keys never leave your machine — the check confirms it's you, not a look at your work. An account also keeps an unlicensed copy from running on your dime. And if our service is ever unreachable, sessions already running keep going and you can keep working offline for a stretch — only starting fresh sessions eventually needs a reconnect, the same way a model-provider outage would stall agents mid-thought.
How we build it
The boring practices that matter.
Least privilege
The app requests only the access it needs. Your Claude and Codex logins stay with their own tools, and any local-model key stays in your config on your machine — never sent to us.
No trackers or crash SDKs
Kansei does not ship marketing analytics, RUM, or crash-reporting SDKs. Account-backed features send only the content-free control-plane and usage totals needed for licensing, orchestration authority, and your usage view.
Reviewed dependencies
Third-party code is vetted and pinned, and updates will ship through signed, reproducible builds.
Every build will be code-signed and notarized before release. SHA-256 checksums will be published alongside each build on the downloads page at launch.
Read the fine print, too.
The same principles, spelled out — what we collect, how we handle it, and the terms you're agreeing to.