Skip to content

LocalForge v2.0.0 — On-Device AI Security Gateway

Choose a tag to compare

View all tags
@stalzkie stalzkie released this 18 Jun 13:22
· 23 commits to main since this release
v2.0.0
847db43

LocalForge v2.0.0

A Rust-native, MCP-compliant security gateway for Apple Silicon. Intercepts every git commit through a 3-layer hybrid pipeline — entirely on-device, no cloud, no API keys.

What's in v2.0.0

Core pipeline

  • Layer 1 — Rust AST regex: 7 secret patterns (AWS, Stripe, GitHub PAT, private keys, bearer tokens) — blocks in ~41 µs avg, 0% false positive rate
  • Layer 2 — CoreML / Apple Neural Engine: TF-IDF char n-gram + logistic regression classifier — blocks in ~2s, statistical risk scoring
  • Layer 3 — Qwen2.5-Coder-1.5B via MLX: full semantic code review (security · bug risk · code quality) — advisory only, ~3.8s avg, never blocks

macOS App

  • Native SwiftUI terminal-style UI with live scan output
  • Code Review toggle to enable/disable Qwen L3 per session
  • Per-commit .txt advisory reports in ~/.localforge/reports/
  • Folder button to open reports in Finder

MCP Server

  • JSON-RPC 2.0 over TCP (--mcp-port <port>)
  • scan and ping methods for IDE integrations (Cursor, VS Code)

Packaging

  • Distributable DMG via scripts/package_dmg.sh
  • Git hook installer via scripts/install_hook.sh
  • .localforgeignore support for suppressing false positives

Benchmark Results (80 samples)

Layer Avg Latency Detection Rate False Positive Rate
L1 — AST Regex 40.81 µs 20% (secrets only) 0%
L2 — CoreML/ANE 2,083 ms 15% 10%
L3 — Qwen Advisory 3.8 s advisory advisory-only

Full benchmark graphs in tests/benchmark_results/.

Requirements

  • macOS 14+ on Apple Silicon (M1/M2/M3/M4)
  • Rust 1.78+
  • Python 3.11+
  • Xcode 16+ (to build the app)

Installation

git clone https://github.com/stalzkie/local-forge.git
cd local-forge
cargo build --release
python3 coreml/build_model.py
# Inside the repo you want to protect:
/path/to/local-forge/scripts/install_hook.sh

See the README for full setup instructions including Qwen model download.

Changelog

v2.0.0 — 2026-06-18

  • Initial release

Patch — 2026-06-18

  • Fixed app icon and in-app header logo rendering blank (white-on-transparent from SVG conversion). Replaced with proper PNG source at all required sizes (16–1024px).

MIT License — Copyright (c) 2026 Stalingrad Samulde Dollosa

Assets 3
Loading