Back to home

Trust · Security

Security isn't a feature here. It's the architecture.

Kansei runs autonomous coding agents on your own machine. That only works if the design earns your trust — so your code, your prompts, and your provider keys never have to leave your computer at all. Here's exactly how that holds up.

0 bytes

of your source code or prompts ever reach Uplift servers.

100% direct

Inference goes straight from your machine to the providers you connect.

Signed at launch

Every build will be code-signed and checksum-verifiable before it ships.

Architecture commitments are shown here; public signing and checksum artifacts are deferred until the first signed build.

Where your data goes

Follow the data. Most of it never moves.

The sensitive things stay on your machine. What leaves is content-free service metadata — who's coordinating with whom, model and usage counts — plus your account details. Never your code, prompts, or responses.

Data flow solid = your content · dashed = metadata only
Your machine Local runtime • source code • prompts & responses • agent transcripts • provider keys in OS keychain • coordination engine Your providers Anthropic · OpenAI local models Coordination layer workflow state · no content Uplift servers account · billing · usage ✕ no code · no prompts inference · direct + encrypted workflow metadata · never content account · billing · usage
your content metadata only Blind by construction — the network can't read what it never receives.

Yours by design

Six guarantees, structural — not bolted on.

Your work stays local

Code, prompts, and model responses never touch our cloud. Agents connect straight to your providers.

Never proxied

Bring the subscriptions you already pay for; your inference goes straight to your providers. Kansei never sees or relays your prompts or responses — account-backed service metering records only content-free usage totals for your dashboard and service protection.

Approved by code

A new device joins only when you match a code shown on it — over an encrypted tunnel to your machine, never through ours.

Blind by construction

The coordination layer never receives your code, prompts, or responses. It works from workflow signals — who's waiting on whom, model and token counts — never from what you're building.

Only authorized sessions reach in

A session can be messaged or woken only by others you've authorized. Nothing outside your team can interrupt.

On hardware you control

Your compute, your credentials, your machine. The leverage is real, and it's entirely yours.

Control the autonomy

Agents act on their own — within limits you set.

Unattended runs are powerful, so every agent operates inside guardrails you define. You can step in, scope down, or stop the whole fleet at any moment.

Scope

Scope it before it runs

Pick each agent's permission mode, allow or deny tools by name, and sandbox Codex sessions read-only or workspace-only — before it starts.

Isolate

Isolated working copies

Run agents in their own git worktrees — separate branch and checkout — so work never touches your main tree. Codex sessions add OS-level read-only or workspace bounds.

Gate

Review before it lands

Pair agents drafter-and-reviewer so a second one signs off before the PR opens. Branch protection stays with your git host; Kansei adds the review step.

Interrupt

Steer or stop, instantly

Jump into any session mid-run — redirect it, take over, or kill it outright — from your desktop or your phone.

Trace

A local record on your machine

Agent conversations and tool calls, plus session lifecycle, are logged locally so you can see what happened and why.

Version control

Works the way you already work

Agents operate inside Git, so review, diff, and rollback are exactly the tools you already trust.

Identity, not surveillance

A fleet this powerful needs a lock on the front door.

Your agents hold your provider keys, read your repositories, and can run unattended for hours — enormous leverage you don't want available to anyone who simply installed the app. Authentication is that lock: it binds that power to an identity you control, so it works for you and no one else. We verify who's at the door, never what you're building.

Your keys and code can't be wielded by anyone else

Agents carry your provider keys and read your repositories — so that power is gated. Your account decides what runs; your approval decides which devices connect; your keys never leave your machine. Installing the app grants none of it.

Always yours to undo

Every paired device in one place. Remove any you don't recognize — or reset them all at once, and old keys and sessions stop working immediately.

Every run has a name on it

Because each session is tied to an identity, your local audit log shows who set an agent loose — not just what it did. Real accountability when more than one person can drive the fleet.

What reaches us — and what never does

Running agents needs a valid account, so your sign-in is the one thing Kansei checks with us. But it carries identity, not content: your code, prompts, and provider keys never leave your machine — the check confirms it's you, not a look at your work. An account also keeps an unlicensed copy from running on your dime. And if our service is ever unreachable, sessions already running keep going and you can keep working offline for a stretch — only starting fresh sessions eventually needs a reconnect, the same way a model-provider outage would stall agents mid-thought.

How we build it

The boring practices that matter.

01

Least privilege

The app requests only the access it needs. Your Claude and Codex logins stay with their own tools, and any local-model key stays in your config on your machine — never sent to us.

02

No trackers or crash SDKs

Kansei does not ship marketing analytics, RUM, or crash-reporting SDKs. Account-backed features send only the content-free control-plane and usage totals needed for licensing, orchestration authority, and your usage view.

03

Reviewed dependencies

Third-party code is vetted and pinned, and updates will ship through signed, reproducible builds.

Signed & verifiable at launch

Every build will be code-signed and notarized before release. SHA-256 checksums will be published alongside each build on the downloads page at launch.

Read the fine print, too.

The same principles, spelled out — what we collect, how we handle it, and the terms you're agreeing to.

Download Kansei