Security by design.
Every layer of DynoBox is built with security as a constraint, not an afterthought. From renderer isolation to OS keychain secrets — the architecture enforces it.
Prime Directives
The UI has no direct access to your data, filesystem, or network. Every request flows through a strict IPC bridge — the renderer is sandboxed and untrusted.
OAuth tokens and secrets live in macOS Keychain, Windows Credential Manager, or Linux Secret Service — never in the database. SQLite holds zero credentials.
Every email is sanitized before render. Scripts, remote images, iframes, and event handlers are stripped. Your inbox cannot execute code.
All privileged actions pass through a single PolicyEngine.enforce() call. Nothing bypasses it — not the AI, not extensions, not MCP.
Brain Box can only call explicitly permitted tools. It cannot send email or export data without a confirmation token approved by you.
Sensitive operations produce an append-only audit event. The log is hash-chained for tamper evidence — every allow, deny, and confirm is on record.
Your AI. Your machine.
Brain Box can run entirely on a local model via Ollama. When local mode is active, your email data never leaves your device — no cloud inference, no remote API calls, no third-party eyes on your inbox.
Your Google OAuth. Your rules.
DynoBox connects to Gmail using your own OAuth Client ID and Secret — registered in your own Google Cloud project. We never proxy your auth tokens or store credentials on our servers. You own the keys.
Auditable by design.
The security architecture is fully documented and open for inspection. No black boxes, no hidden data flows. Every privileged action is logged in an append-only, hash-chained audit log.
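How hash chaining makes an append-only audit log tamper-evident, as an added example that is not DynoBox's own code. The entry fields, the use of SHA-256 over canonical JSON, the all-zero genesis value and the sample events are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value used as prev_hash of the first entry


def _digest(prev_hash, event):
    # Canonical JSON (sorted keys, fixed separators) so an event always hashes the same.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append_event(log, decision, action, actor):
    """Append an audit entry whose hash commits to the previous entry's hash."""
    if decision not in ("allow", "deny", "confirm"):
        raise ValueError("unknown decision: %r" % decision)
    prev_hash = log[-1]["hash"] if log else GENESIS
    event = {"seq": len(log), "decision": decision, "action": action, "actor": actor}
    entry = {"event": event, "prev_hash": prev_hash, "hash": _digest(prev_hash, event)}
    log.append(entry)
    return entry


def verify_chain(log, expected_head=None):
    """Return (True, None) if intact, else (False, index of the first bad entry).

    expected_head is the last hash as recorded outside the log; without it,
    removal of trailing entries cannot be detected.
    """
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        event = entry["event"]
        if (event.get("seq") != i or entry["prev_hash"] != prev_hash
                or entry["hash"] != _digest(prev_hash, event)):
            return False, i
        prev_hash = entry["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return False, len(log)
    return True, None


def build_sample_log():
    # Constructed sample events, not real DynoBox audit records.
    log = []
    append_event(log, "allow", "mail.read", "brain_box")
    append_event(log, "deny", "data.export", "extension")
    append_event(log, "confirm", "mail.send", "user")
    return log
```

A chain only proves internal consistency: anyone able to rewrite the whole file can recompute every hash, so the latest head hash has to be recorded somewhere the log writer cannot modify and passed in as `expected_head`.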