-
Notifications
You must be signed in to change notification settings - Fork 0
Security Hardening
Jean-Baptiste THERY edited this page Jul 13, 2026
·
1 revision
Ragmir reduces document exposure by keeping its index and normal retrieval local. It is not a security certification and does not replace encrypted storage, operating-system isolation, or review of the consumer that receives retrieved passages.
-
.ragmir/is local generated state and should remain ignored by Git. -
local-hashretrieval needs no model or network service. - Built-in redaction runs before indexing.
- Secret-like filenames are skipped and unsupported files are reported.
- Access logs store metadata and salted query identifiers, not raw prompts or retrieved text.
- MCP tools are read-focused and retrieval output is bounded.
- Remote model downloads require an explicit setup action.
rgr doctor
rgr audit --unsupported
rgr security-audit
rgr security-audit --strictRun the strict audit before using a sensitive corpus. Keep the repository and .ragmir/ on encrypted storage when at-rest protection matters, and use one checkout per trust boundary.
| Capability | Boundary |
|---|---|
| Core retrieval | Local by default |
| Hosted consumer | Returned passages follow that provider's data policy |
| Semantic embeddings | Explicit model download, then local inference |
| OCR | Local command only |
| Ragmir Chat | Explicit verified model download, then local inference |
| Ragmir TTS | Local WAV by default; Edge MP3 sends narration text when selected |
Ragmir cannot protect a compromised machine, an untrusted local user, malicious installed dependencies, or passages deliberately sent to a cloud consumer.
Canonical source: SECURITY-HARDENING.md. Report vulnerabilities through the security policy, not a public issue.