Source code boundary
ImplementedRepository source, env files, and API keys are not uploaded by the CLI.
Public trust posture
0dai Trust Center
Security, privacy, compliance posture, subprocessors, and vulnerability disclosure for the 0dai agentic knowledge layer.
Current release
v4.1.0
Core MCP tools
49
Registered MCP tools
103
Primary data model
Local-first
Compliance
Clear status, no borrowed badges
This page distinguishes implemented controls, dogfood enforcement, and planned compliance work. Certification claims appear only after evidence exists.
Dirty-tree and protocol gates
DogfoodAgent work is guarded by issue-first, tasklist, scope, and worktree hygiene checks.
SOC 2 / ISO 27001
Not yet certifiedFormal certification is not claimed. Evidence collection and control mapping are planned.
Cloud Knowledge Graph
PlannedThe free graph is file-backed today. A paid Postgres/Supabase substrate is planned.
Documents
Security and legal references
The first public packet is intentionally small: current public documents, product facts, and a request path for enterprise review.
Privacy Policy
What we collect, what stays local, and how project telemetry is handled.
Terms
Service terms, acceptable use, billing, and account responsibilities.
Setup Guide
Activation-first install path and local project wiring.
Pricing
Free local graph, Pro access, and planned Team cloud graph capabilities.
GitHub Repository
Public source, issues, pull requests, and release history.
Security Packet
Available by request while the formal trust packet is being assembled.
Security Controls
Controls that map to real agent risk
0dai focuses on the failures that hurt agentic development: secret exposure, repo pollution, unscoped delegation, stale memory, and unreviewed destructive actions.
Local-first source handling
Implemented0dai builds context from manifest files, metadata, and generated ai/ artifacts without sending repository source code by default.
Activation and plan gates
ImplementedCloud-facing features start from explicit activation and are constrained by the account plan.
Provider and BYOK boundary
ImplementedModel provider use is operator-controlled. Customer keys stay in local secret storage when BYOK is used.
Dirty worktree guard
DogfoodAgents are expected to isolate task branches, detect unrelated changes, and keep mergeable work from piling up.
Protocol preflight
DogfoodNon-trivial agent dispatch is checked for linked issue, tasklist, profile, scope, plan, and acceptance criteria.
CI security checks
Soft-warningThe project runs targeted tests plus security-oriented scans such as secret and dependency checks. Some scans report findings as warnings while gating is hardened.
Audit trail
DogfoodOperational decisions, memory rule access, and agent activity are recorded into append-only project logs.
Human-reviewed migrations
ImplementedDatabase migrations and destructive actions require explicit human review before execution.
Data Handling
Local by default, explicit when cloud is involved
The trust boundary is built around what the CLI needs for project intelligence versus what must remain on the operator machine.
File-backed graph
Secrets stay local
Audit-ready logs
What stays local
Source files, .env files, credentials, private keys, and raw repository contents stay on the operator machine unless explicitly shared outside 0dai.
What may sync
Account state, plan tier, CLI version, command outcome telemetry, generated manifest summaries, and support reports may be used for cloud features.
Current graph storage
The free product uses a file-backed local graph in the repository. It is designed for inspection and portability.
Planned cloud substrate
Paid shared knowledge graph capabilities are planned on a Postgres/Supabase-backed substrate, not shipped as a completed graph database today.
Subprocessors
Subprocessors and providers
This is the public provider view for current product posture. A formal exportable subprocessor register should follow before enterprise launch.
ProviderPurposeData
Provider
Google / GitHub
Purpose
OAuth sign-in where enabled
Data
Identity claims and account linkage
Provider
Wallet Pay / TON rails
Purpose
Billing and checkout flows where available
Data
Payment session metadata
Provider
Self-hosted analytics
Purpose
Product usage analytics
Data
Aggregated web events and project telemetry described in the Privacy Policy
Provider
Operator-selected model providers
Purpose
AI execution through BYOK or local configuration
Data
Only the context the operator intentionally sends to that provider
Provider
Hosting and infrastructure providers
Purpose
0dai website, dashboard, API, and cloud services
Data
Operational logs, account metadata, and service telemetry
Vulnerability disclosure
Report suspected security issues to hello@0dai.dev. Include impact, reproduction steps, affected versions, and whether sensitive data was exposed.
In scope
CLI, website, dashboard, public API endpoints, generated ai/ layer, docs, and agent protocol guardrails.
Out of scope
Social engineering, destructive testing against customer repositories, spam, and high-volume rate-limit noise.
FAQ
Frequently asked trust questions
Short answers for security reviews, procurement, and teams deciding whether 0dai fits their repo boundaries.
Does my source code leave my machine?
No by default. The public posture is local-first: source files, secrets, and env files are not uploaded by the CLI.
Are you SOC 2 or ISO 27001 certified?
Not yet. We do not claim those certifications. This page separates implemented controls from planned compliance work.
Is the cloud Knowledge Graph shipped?
No. The free graph is file-backed today. A paid cloud graph substrate is planned and will be documented separately before launch.
Can teams request a security review packet?
Yes. Email hello@0dai.dev and include the plan, data-flow questions, and procurement requirements you need answered.