Skip to main content
Voss is local-first and repo-scoped. The security model is built around explicit boundaries.

Boundaries

Scoped writes

voss edit grants write access only to explicit targets and relevant existing tests. Other writes require approval after a diff preview.

Shell execution

Shell execution is mutating and potentially risky. It is denied in edit mode and remains subject to lower-level allowlist behavior in broader modes.

Secrets

Voss sessions must not store provider credentials or API keys.
Do not paste secrets into prompts. Treat user-provided prompt text as session content.

Trust goal

The goal is not to make AI work risk-free. The goal is to make risk visible, bounded, and reviewable before it changes your repo.