Skip to content

Trust

Local-First AI Coding Security

Last updated: 2026-07-024 min read

Reality Graph’s security posture is architecture, not adjectives: local-first by design, advisory by default, no auto-commit, human approval gates, and a visible answer to “what leaves my machine?”. No guarantees are claimed that the architecture cannot back.

Contents

The principles, stated checkably

  • Local-first. Workflow, repository access, context, validation, and evidence live in your environment. Verifying AI-generated code should not require shipping your repository to another cloud service – what “local” really covers.
  • Advisory by default. Reality Graph reads, checks, and reports. It does not write, commit, or apply code on its own – a person does, at a gate, with evidence in view.
  • Visible data flow. What leaves your machine is determined by your configuration – for example which model API your setup uses under your own agreements – not by a hidden default. “Nothing ever leaves” would be a marketing sentence; “you can see what leaves” is an architecture property.
  • Least surprise. No background jobs on your repository, no telemetry phoning home from your codebase, no silent network access as a side effect of verification.
  • Evidence over trust. Every run produces a reviewable report – including what was skipped. The same standard this page applies to itself.
Schematic of the local-first boundary: verification work stays inside your environment; the only egress is the model API your setup already uses – configured by you, visible to you.

Because these are architecture properties, you do not have to take them on faith – each one has a concrete way to check it:

QuestionHow you verify it yourself
Does source code leave my environment?Inspect the configuration and watch the network egress during a run – the only outbound calls are the model API your setup already uses.
Can it write or commit code on its own?Check the permissions it runs with and the workflow gates: there is no auto-commit path to find.
What exactly happened in a run?Read the evidence report stored with the code – intent, changes, validation results, and what was skipped.
What does the vendor learn about my code?Nothing by architecture: no account requirement, no server-side copy of runs, no telemetry from your repository.
Every security property of a local-first verification layer can be checked in your own environment – no property on this page asks for trust without a way to verify it.

What we deliberately do not claim

A security page is only as trustworthy as the claims it refuses to make. Reality Graph is in private beta, and the following are therefore stated plainly:

  • No certifications yet – no SOC 2, no ISO 27001. If and when formal audits happen, they will be linked here; until then, absence is stated, not papered over.
  • No compliance guarantees– “GDPR compliant” is a property of your deployment and your processes, assessed by your counsel. Architecture can make that assessment easier; a vendor cannot make it for you.
  • No “guaranteed secure AI coding” – verification reduces risk and makes it visible. It does not abolish it, and nobody serious will tell you otherwise.

The website practices what the product preaches

This site runs cookie-free: no visitor IDs, no fingerprinting, no stored IPs, no third-party trackers – aggregate, anonymous signals only, documented in the privacy notes. A product whose pitch is data control should not greet you with a consent banner.

Where Reality Graph fits

Security-sensitive teams are a core audience for a local-first verification layer – and the ones least served by adjectives. Talk to the founder about your constraints, or request early access.

Architecture properties

  • Runs in your environment – local-first by design
  • Advisory by default: reads, checks, reports – never writes on its own
  • Human approval gates on every change
  • Data flow visible in configuration, not hidden in defaults

Deliberately not claimed

  • “Guaranteed secure” – verification reduces risk, it does not abolish it
  • GDPR/SOC 2/ISO certifications – none exist yet; absence is stated
  • “Zero data ever leaves” – what leaves is your visible configuration
  • Enterprise-readiness – it is a private beta, and says so

If these boundaries fit how your team wants to ship:

FAQ

Is Reality Graph secure?
No tool should answer that question with 'yes' – security is a property of your whole setup, not a product feature. What Reality Graph offers are verifiable architecture properties: it runs in your environment, it is advisory by default, it does not auto-commit, and what leaves your machine is determined by your configuration, visibly. Judge it by those properties, not by adjectives.
Does my source code leave my environment?
Reality Graph is local-first: the workflow, repository access, context handling, and evidence reports live in your environment. Where a model API is part of your setup, calls happen under your own agreements and controls – and that data flow is your configuration, not a hidden default. No third-party review service ingests your repository.
Is Reality Graph GDPR compliant / SOC 2 / ISO 27001 certified?
Reality Graph is in private beta and holds no certifications – and we won't claim otherwise. The local-first architecture reduces external processing, which compliance-conscious teams value, but compliance is an assessment of your specific deployment that stays with you and your counsel.
Can Reality Graph modify or commit code on its own?
No. It is advisory by default: it structures tasks, checks boundaries, runs validation, and produces evidence – a human accepts or rejects changes. There is no auto-commit and no hidden write path.
What data does Reality Graph process, and where?
The working data of a verification run – task definitions, boundaries, validation results, evidence reports – is created and stored locally in your environment, alongside the code it describes. Reality Graph does not require an account, does not phone results home, and has no server-side copy of your runs to lose.
How does local-first compare to a cloud review tool for security?
A cloud review service has to receive your source code to review it, which makes its infrastructure part of your attack surface and its data practices part of your compliance story. A local-first layer keeps that surface inside the boundary you already control. Neither approach is automatically 'more secure' – but local-first means one less party to trust, and one less processor to document.
How do I report a security issue?
Via the contact form, marked as security-related. Reports go directly to the founder and are taken seriously – a small product in private beta has no security theater to hide behind, only fast fixes.

Keep reading

Sources

Want to follow the beta, or test it when it opens?

Join early access