
Security

Local by default. Verifiable by design. No magic.

keys

Your SSH keys never leave your machine.

vev reads from ~/.ssh/ and uses your OS keychain (macOS Keychain, gnome-keyring, Windows Credential Manager) for passphrases. We do not sync keys. We do not upload keys. There is no button to.

AI prompts

Your prompts go to the provider you chose. Nowhere else.

BYOK is not a marketing word here. There is no proxy. No middleware. No "AI gateway." You put an Anthropic or OpenAI key in vev, and vev hits api.anthropic.com or api.openai.com directly. Run mitmproxy on the binary. You'll see the TLS sessions go to exactly two places: the provider, and the auto-update server (which you can turn off).

plugins

WASM sandbox. Capability-gated.

Plugins run in wasmtime. They cannot read files they weren't granted, cannot open sockets they weren't granted, cannot execute shell commands they weren't granted. Every grant shows up in the audit log. Revoke any capability with vev plugin revoke <name> <capability>.

audit log

Every action, append-only, on your disk.

Every session opened, key used, transfer sent, plugin granted, AI call made — logged to ~/.local/share/vev/audit.log. Hash-chained. vev audit verify checks the chain. Export with vev audit export --format=json,syslog,cef.
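What "hash-chained" buys you, as an added example that is not vev's own code or on-disk format: each record stores the SHA-256 of the record before it and a hash over its own fields, so editing, reordering or deleting any record breaks every link after it. The JSON-lines layout, the field names and the action names are assumptions made for this illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

// Genesis is the "previous hash" of the first entry: 64 hex zeros.
var Genesis = strings.Repeat("0", 64)

// Entry is one audit record. Its Hash covers Prev, so changing or
// removing any earlier record invalidates every record after it.
type Entry struct {
	Seq    int    `json:"seq"`    // position in the log, starting at 0
	Action string `json:"action"` // e.g. session.open, key.use, ai.call (assumed names)
	Detail string `json:"detail"` // free-form context for the action
	Prev   string `json:"prev"`   // hex SHA-256 of the previous entry (Genesis for the first)
	Hash   string `json:"hash"`   // hex SHA-256 over seq, action, detail and prev
}

// entryHash recomputes the hash of e from its fields, ignoring e.Hash.
// Each field is length-prefixed so different field layouts cannot collide.
func entryHash(e Entry) string {
	h := sha256.New()
	for _, field := range []string{fmt.Sprint(e.Seq), e.Action, e.Detail, e.Prev} {
		fmt.Fprintf(h, "%d:%s", len(field), field)
	}
	return hex.EncodeToString(h.Sum(nil))
}

// Append returns entries with a new record chained to the last hash.
func Append(entries []Entry, action, detail string) []Entry {
	prev := Genesis
	if n := len(entries); n > 0 {
		prev = entries[n-1].Hash
	}
	e := Entry{Seq: len(entries), Action: action, Detail: detail, Prev: prev}
	e.Hash = entryHash(e)
	return append(entries, e)
}

// Verify walks the chain from the first record and returns nil if every
// link holds, or an error naming the first record that breaks it.
func Verify(entries []Entry) error {
	prev := Genesis
	for i, e := range entries {
		switch {
		case e.Seq != i:
			return fmt.Errorf("entry %d: seq %d out of order (record deleted or reordered)", i, e.Seq)
		case e.Prev != prev:
			return fmt.Errorf("entry %d: prev does not match hash of entry %d", i, i-1)
		case entryHash(e) != e.Hash:
			return fmt.Errorf("entry %d: fields do not match stored hash (record edited)", i)
		}
		prev = e.Hash
	}
	return nil
}

// Encode writes the log as JSON lines, a natural layout for an append-only
// file: one record per line, new records only ever added at the end.
func Encode(entries []Entry) string {
	var b strings.Builder
	for _, e := range entries {
		line, _ := json.Marshal(e) // only int and string fields: cannot fail
		b.Write(line)
		b.WriteByte('\n')
	}
	return b.String()
}

// Decode parses JSON lines back into records, skipping blank lines.
func Decode(s string) ([]Entry, error) {
	var entries []Entry
	for n, line := range strings.Split(s, "\n") {
		if strings.TrimSpace(line) == "" {
			continue
		}
		var e Entry
		if err := json.Unmarshal([]byte(line), &e); err != nil {
			return nil, fmt.Errorf("line %d: %w", n+1, err)
		}
		entries = append(entries, e)
	}
	return entries, nil
}

func main() {
	// Constructed sample log; the action names and details are illustrative.
	var entries []Entry
	entries = Append(entries, "session.open", "alice@bastion")
	entries = Append(entries, "key.use", "~/.ssh/id_ed25519")
	entries = Append(entries, "ai.call", "api.anthropic.com")
	fmt.Println("intact chain:", Verify(entries))

	// Edit a record in the middle: its own hash no longer matches.
	edited, _ := Decode(Encode(entries))
	edited[1].Detail = "~/.ssh/id_rsa"
	fmt.Println("edited record:", Verify(edited))

	// Drop a record in the middle: seq and prev both stop lining up.
	fmt.Println("deleted record:", Verify(append([]Entry{entries[0]}, entries[2])))
}
```

One caveat the chain alone does not cover: cutting records off the end of the file leaves a shorter chain that still verifies, because nothing after the truncation point remains to contradict it. Detecting tail truncation needs the latest hash anchored somewhere the log writer cannot rewrite, which is one reason to ship the export to syslog or another collector rather than keeping the only copy on the same disk.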

transfers

P2P, encrypted end-to-end, never transits our server.

X25519 for key exchange, ChaCha20-Poly1305 for the stream, WebRTC for NAT traversal. We publish a STUN server. We do not publish a TURN server, because we do not relay your bytes.

update channel

Signed releases. Reproducible builds.

Every release is signed with our offline key (vev.sh/keys). Builds are reproducible — clone the tag, run cargo build --release --locked, compare the SHA-256. If it differs, file an issue, and the release gets held until we can explain.

what we don't do

  • No telemetry. No "anonymous usage metrics." Nothing.
  • No phone-home on commands.
  • No account. No login. No password.
  • No cloud-sync of keys, history, or blocks.

responsible disclosure

security@vev.sh · PGP key at vev.sh/keys · 48-hour first-response SLA · public hall-of-fame for reported issues at vev.sh/halloffame.