Vaner

Security and Privacy

Vaner is designed for local-first operation with explicit scope control.

Ask ChatGPTAsk Claude

Vaner defaults to a conservative posture:

  • Local-first execution
  • No content logging
  • Explicit repository scope (vaner init --path)
  • Exclusion patterns for sensitive files
  • Inspectable context decisions via vaner inspect --last
  • Non-mutating Prepared Work by default: virtual diffs and exports require explicit user action and are never auto-applied to project files
  • Local retention controls via vaner forget
  • Skill discovery defaults to repo-local roots (.cursor/skills/**, .claude/skills/**, skills/**)
  • Privacy zoning for skills (project_local for repo paths, external for outside paths)
  • Global skill scanning is opt-in via [intent].include_global_skills = true

For production deployments, terminate TLS at a trusted reverse proxy and keep Vaner bound to localhost/private networks where possible.

Edit on GitHub

Architecture

How Vaner runs beside your AI client.

Changelog

Notable changes in Vaner documentation and releases.