Skip to content

Security Hardening

Jean-Baptiste THERY edited this page Jul 13, 2026 · 1 revision

Security hardening

Ragmir reduces document exposure by keeping its index and normal retrieval local. It is not a security certification and does not replace encrypted storage, operating-system isolation, or review of the consumer that receives retrieved passages.

Secure defaults

  • .ragmir/ is local generated state and should remain ignored by Git.
  • local-hash retrieval needs no model or network service.
  • Built-in redaction runs before indexing.
  • Secret-like filenames are skipped and unsupported files are reported.
  • Access logs store metadata and salted query identifiers, not raw prompts or retrieved text.
  • MCP tools are read-focused and retrieval output is bounded.
  • Remote model downloads require an explicit setup action.

Check a workspace

rgr doctor
rgr audit --unsupported
rgr security-audit
rgr security-audit --strict

Run the strict audit before using a sensitive corpus. Keep the repository and .ragmir/ on encrypted storage when at-rest protection matters, and use one checkout per trust boundary.

Network boundaries

Capability Boundary
Core retrieval Local by default
Hosted consumer Returned passages follow that provider's data policy
Semantic embeddings Explicit model download, then local inference
OCR Local command only
Ragmir Chat Explicit verified model download, then local inference
Ragmir TTS Local WAV by default; Edge MP3 sends narration text when selected

Ragmir cannot protect a compromised machine, an untrusted local user, malicious installed dependencies, or passages deliberately sent to a cloud consumer.

Canonical source: SECURITY-HARDENING.md. Report vulnerabilities through the security policy, not a public issue.

Clone this wiki locally