Security
Keyoku is local-first by design: no cloud, no telemetry, no account. The security model has one trust boundary — your approval — and an audit trail around everything else.
Local-first state
All state lives in ~/.keyoku (override with KEYOKU_HOME). The directory is created with mode 0700 and files with mode 0600 — readable only by your user.
| File | Contents |
|---|---|
~/.keyoku/activity.jsonl | The activity trace — one event per tool call, size-capped ~10k events |
~/.keyoku/executions.json | Step-by-step workflow execution state |
What leaves your machine
There is no telemetry. The only network calls Keyoku makes on its own behalf are SLM refinement calls — and only if you configure GEMINI_API_KEY or ANTHROPIC_API_KEY. With no key set, nothing leaves the machine. (Connectors you register obviously talk to whatever you point them at.)
The trust boundary: approval
Approval is the trust boundary. An approved template executes shell commands with your user privileges — there is no sandbox between an approved bash step and your system. Review templates the way you review shell scripts before approving them, especially templates refined by a model or drafted by an agent.
Guardrails
| Guardrail | Detail |
|---|---|
| Approval gate | Nothing executes until you approve a template. Connector calls at the approve level queue for explicit sign-off. |
| Autonomy levels | Per-connector: observe (calls refused), suggest, approve (queued), autonomous (direct). You choose how much rope each connector gets. |
| Read-only OpenAPI by default | Connectors synthesized from an OpenAPI spec are read-only unless you explicitly pass allowMutating. |
| Bash step limits | 30-second timeout, SIGTERM then SIGKILL, output captured and truncated to 2000 characters. |
| In-order execution | execution_complete enforces in-order step completion — no skipping past a human_review. |
| Append-only audit trail | Every action is recorded. Inspect it with audit_list or keyoku audit. |
Open source
Keyoku is MIT-licensed — audit the code yourself at github.com/Keyoku-ai/keyoku.
Related
- Connectors — autonomy levels and the approval queue
- Workflows — step types and what they may do