Don't trust us. Inspect the design.
Redactor Desk's security claim is structural, not political: the agent's tool surface cannot lead out unsanitized. This page explains how that's built and where the honest limits are. It's written by our developers — not a third-party audit (an independent audit is on the roadmap).
The core invariant
Two sentences everything hangs on.
- Everything that enters model context — file contents, search results, your own message — passes
sanitize()first. - Everything the model emits — chat text, written file contents, edits — passes restoration before it is displayed or written to disk.
Why the surface can't leak
A single choke point
Detection and tokenization run exclusively locally. There is exactly one place where text becomes model input — and it redacts.
No shell, no built-ins
The agent has no shell access and no built-in tools. Only five file operations are allowed, each through the redaction layer. No channel bypasses it.
Edits in sanitized space
The model edits the sanitized view; real values are re-inserted locally just before the file is written. A hash guard rejects stale edits.
Fail closed
Where a category is set to "block" (Enterprise policy), the sanitizer returns nothing rather than risk letting something through.
Your data
- The Anthropic key is stored encrypted via the OS keychain (Keychain/DPAPI), never in plaintext.
- The placeholder → real-value mapping lives in a local vault on your machine. None of it leaves the device.
- The evidence log (Enterprise, optional) is hash-chained and holds only categories and counts — never the values.
- A backup is written before every file change; every change is reversible.
Honest limitations
- Detection is deterministic and heuristic. What isn't detected isn't replaced — we promise no hit-rate numbers without an independent benchmark.
- "Fully offline" applies to detection and tokenization. The client itself talks to the Anthropic API.
- Regulatory wording is deliberately "supports", never "meets".
Report a vulnerability
Found something? Please report it privately and give us reasonable time to fix it before going public. Please no real secrets in your report.
- Email kontakt@zerodotfive.com, subject "Redactor Desk security".