Security

Local-first. Secure by default.

By design, Flame is a local-first application with deep integration across your filesystem, git, terminals, and AI agents. Robust authorization and loopback restrictions ensure that only you can control your workspace, shielding it from external network access, malicious web pages, and unauthorized processes.

Your code stays on your machine.

Flame reads your files locally and binds to loopback. Nothing is uploaded to run the workspace. Code only reaches an AI provider when you ask an agent to act, and with a local model, it never leaves at all.

Data & AI

You decide what's shared, and with whom

  • Bring your own model and key: Claude, OpenAI, Gemini, or local.
  • With Ollama or LM Studio, prompts and code never leave your device.
  • Per-scope permissions decide what an agent may read or change.
  • Tokens are encrypted at rest and never returned to the client.
  • Telemetry is anonymous and can be turned off.
Responsible disclosure

Found something? Tell us.

We take security reports seriously and respond quickly. Please disclose privately so we can protect users while we fix it.

security@flame-ide.com