Security and data
arka-deck is a local application. What you produce belongs to you and stays on your machine. Only strictly necessary catalogue resources are fetched from the public Cortex.
What never leaves your machine
Section titled “What never leaves your machine”| Data | Storage |
|---|---|
| Your projects, working files | Your disk, unchanged |
<project>/.arka-deck/ (sessions, memory, logs, ArkaDoc) | Inside the project |
| Chat sessions — timeline, messages, thinking blocks, tool_use, tool_result | <project>/.arka-deck/ |
| Agentic memory and its entries | <project>/.arka-deck/memory/ |
| API keys and secrets | ~/.arka-deck/secrets/ (AES-256-GCM) |
| Governance logs and cortex-actions executions | <project>/.arka-deck/ |
| Prompts you type and agent responses | local |
| Addon and worker manifests | local |
What goes to the public Cortex
Section titled “What goes to the public Cortex”public.arkalabs.app (HTTPS, read-only, no authentication):
- Catalogue lists and sheets: HYOS profiles, blocs, atoms, modes — only when you load the library or install an agent.
mcp__cortex__*MCP requests initiated by an agent during a turn, to fetch a specific bloc or atom by id.
No telemetry, no analytics, no machine identifier, no session content.
What goes to your AI provider
Section titled “What goes to your AI provider”Anthropic, Google, OpenAI depending on your configuration:
- Your prompts, attached files and conversation history, per the policy of the provider you chose.
- arka-deck adds no intermediate route: the connection goes from your machine to the provider’s API, with your key.
Consult your provider’s privacy policy for details.
Cut the public Cortex
Section titled “Cut the public Cortex”If you want no outbound Arka traffic, two options:
- At the network level: block
public.arkalabs.appandmcp.public.arkalabs.app. - Via configuration: set
ARKA_DECK_CORTEX_URL=http://127.0.0.1:0(catalogue in degraded mode, no outbound call).
By default, ARKA_DECK_CORTEX_URL and ARKA_DECK_CORTEX_MCP_URL overrides accept only HTTPS URLs on *.arkalabs.app (anti-SSRF policy). To use an arbitrary URL in development, you need the explicit ARKA_DECK_CORTEX_ALLOW_UNSAFE_URL=1 flag.
Runtime URL policy
Section titled “Runtime URL policy”| Endpoint | Allowed hosts |
|---|---|
ARKA_DECK_CORTEX_URL | *.arkalabs.app HTTPS, or loopback in dev with unsafe flag |
ARKA_DECK_CORTEX_MCP_URL | idem |
ARKA_DECK_CORTEX_RUNTIME_URL | loopback (local Cortex Lite), or *.arkalabs.app HTTPS |
CORTEX_LITE_URL | loopback only (legacy local fallback) |
No arbitrary external host is accepted without an explicit development flag. See ADR 0006 for the decision.
Secrets and encryption
Section titled “Secrets and encryption”| Guarantee | Mechanism |
|---|---|
| API keys encrypted | AES-256-GCM, never plain-text |
| Master key protected | ~/.arka-deck/secrets/secrets.key, mode 600 |
| Alteration detection | GCM auth tag — bit flip → visible error |
| Migration possible | SecretCipher port swappable to macOS Keychain / Linux libsecret |
See ADR 0005 for the decision.
Going further
Section titled “Going further”- Vulnerability response policy: SECURITY.md
- Secure LAN access: 08-reseau-lan