Vexillon

Security & privacy

Your family's life
never leaves the house.

MIRA is meant to live in your home and earn your trust. That means private by default, secure by construction, and open enough to verify — not a promise in a privacy policy, but the way it's built.

Self-hosted, always

MIRA runs on a machine you own. Conversations, memory, wiki and documents are written to your disk — there is no Vexillon cloud in the loop, because there is no Vexillon cloud.

Memory-safe by construction

The core is written in Rust — no buffer overflows, no use-after-free, the whole class of memory-corruption bugs designed out from the start.

Encrypted secrets vault

Skill credentials live in a per-skill AES-256-GCM vault. Secrets in config are redacted whenever they're read back — never shown, never logged.

Real accounts & roles

Per-user JWT authentication with admin and user roles. Each person sees only their own memory and settings; operator settings are admin-only.

Tool policy & sandbox

A policy layer governs what the agent may do. Code execution runs in an optional Linux sandbox, and shell access is opt-in for trusted deployments only.

Hardened channels

Inbound email passes a security pipeline (allowlist, quarantine, rate limits); WhatsApp and Slack webhooks are signature-verified with replay protection.

The principle

No cloud to leak,
nothing to subpoena.

Cloud assistants work by sending your life to someone else's servers. MIRA inverts that: the intelligence comes to your data, not the other way around. The only things that ever leave your machine are the model calls you explicitly configure — and even those vanish if you run a local model.

  • Your data stays on your hardware — full stop.
  • You choose the AI model; pick a local one and nothing leaves your network.
  • Every action MIRA takes is logged, explainable, and reversible.
  • Destructive actions (like restoring a backup) are admin-gated and require explicit confirmation.
  • Backups can be encrypted with a passphrase that never leaves your browser.
  • Open source under AGPL-3.0 — audit every line, and improvements to hosted versions stay open too.

Found something? Tell us.

MIRA is young and open source. If you discover a security issue, please report it privately through the repository's security advisories rather than a public issue, and give us a chance to fix it. Responsible disclosure keeps every family running MIRA safer.

Trust, but verify.

It's open source under AGPL-3.0. Read the code, run it offline, see for yourself.

Read the install guide Star on GitHub