Local-first

Your agent memory should belong to you.

Link has no hosted backend, no telemetry, no external API calls, and no cloud account requirement. The safety model is local files, explicit writes, and inspectable provenance.

Privacy Model

  • No telemetry in the installed CLI, MCP server, local web UI, or wiki runtime.
  • No hosted backend.
  • No external API calls from serve.py or link-mcp.
  • Raw sources and generated wiki pages are ignored by git by default.
  • SQLite search, when available, is an in-memory derived index. Markdown remains the source of truth.

The public GitHub Pages documentation may use lightweight analytics to understand install interest. It does not run inside Link, read local wiki data, or capture source/memory content.

Secret Handling

Link scans raw sources, captures, wiki pages, release files, and public artifacts for secret-looking values. It detects common API keys, provider tokens, JWTs, private key blocks, and registry credentials, warns without logging secret values, and refuses normal ingest guidance when raw safety cannot be established. Validation and doctor checks also fail if a secret-looking value is already present in a wiki page before the local UI or MCP tools can serve it as context.

lnk ingest-status
lnk capture-inbox
lnk redact-capture raw/memory-captures/<capture>.md
lnk validate
lnk doctor
python3 scripts/check_release_hygiene.py

Rule: Redact or remove secret-looking values locally before asking an agent to ingest a file. Link is not a secret manager.

HTTP Boundary

The local viewer binds to 127.0.0.1, rejects unexpected host/bind flags and unexpected Host headers, and has no authentication. Do not expose it to the internet without adding an auth layer.

HTTP write actions require X-Link-Local-Action: true. Responses include X-Link-API-Version. Proposal analysis does not write pages.
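
The boundary described above, sketched as an added example (not Link's serve.py or any of the project's own code): a loopback-bound handler that rejects unexpected Host headers and requires X-Link-Local-Action: true on writes. The port, the allowed Host values, the set of methods treated as writes, and the version string are assumptions.

```python
# Added illustration only; not Link's implementation.
from http.server import BaseHTTPRequestHandler, HTTPServer

BIND_HOST, PORT = "127.0.0.1", 8765            # port is an assumed value
ALLOWED_HOSTS = {f"127.0.0.1:{PORT}", f"localhost:{PORT}"}   # assumed allowlist
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}           # assumed write set
API_VERSION = "0"                              # placeholder version string


def check_request(method, headers):
    """Return (status, reason) for a request method and a mapping of headers."""
    host = (headers.get("Host") or "").strip().lower()
    # Binding to loopback is not enough on its own: a page whose DNS name is
    # re-pointed at 127.0.0.1 reaches this socket but still sends its own
    # name in Host, so an exact allowlist rejects it.
    if host not in ALLOWED_HOSTS:
        return 403, "unexpected Host header"
    # Plain cross-site forms and image loads cannot set custom headers, and a
    # cross-origin fetch() that sets one needs a CORS preflight first.
    if method in WRITE_METHODS and headers.get("X-Link-Local-Action") != "true":
        return 403, "missing X-Link-Local-Action"
    return 200, "ok"


class Handler(BaseHTTPRequestHandler):
    def _handle(self):
        status, reason = check_request(self.command, self.headers)
        body = reason.encode()
        self.send_response(status)
        self.send_header("X-Link-API-Version", API_VERSION)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    # No do_OPTIONS is defined, so a preflight gets 501 and the browser
    # never sends the cross-origin write that depended on it.
    do_GET = do_POST = do_PUT = do_PATCH = do_DELETE = _handle


if __name__ == "__main__":
    HTTPServer((BIND_HOST, PORT), Handler).serve_forever()
```

Neither check authenticates the caller: any local process can send both headers, which is why the page's advice to add an auth layer before exposing the viewer still applies.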

Backups

lnk backup and MCP backup_wiki write local .link-backups/ archives. Raw sources are excluded unless explicitly requested.

lnk backup
lnk backup --include-raw
lnk doctor --fix

Run a backup before broad repair work or large generated changes.

Team Review

For small teams, start by evaluating Link as a local-first tool: each developer runs their own CLI/MCP server, and reviewed wiki/ pages can then be shared through Git when the team explicitly wants shared memory.

Open the team security checklist

Before Sharing A Repo Or Wiki

python3 link.py doctor
python3 link.py validate
python3 scripts/check_release_hygiene.py
git diff --check

Use git push, git archive, or clean build artifacts for public sharing. Do not zip a whole working directory; ignored local files, .git/, caches, raw sources, and build outputs can be included by accident.

Reporting Security Issues

Use a private maintainer contact channel first. Do not post secrets, private wiki content, raw source files, or exploitable details in public GitHub issues. If a public issue is the only available path, keep it high level and ask for a private follow-up channel.

See SECURITY.md for the current reporting policy.