Your source stays
on your machine.
Most memory tools ask you to trust them with your code. SecondOS is built so you do not have to. We store the map, not the code, and give you a self-host path when even the map should stay home.
What leaves your machine
One rule, enforced end to end: the map crosses, the source never does.
The map, not the code
We upload the structure-aware map (symbols, signatures, routes) and embeddings. File bodies are read and embedded on your machine; only the vector and line references persist. Value-level redaction strips inline secrets first, and every skipped secret is surfaced to you rather than silently dropped.
Prefer zero cloud? Self-host →# what leaves your machine map.json ✓ symbols, routes, signatures vectors.json ✓ embeddings only (no source) ── your source ── ✗ read locally, never uploaded ── .env / *.key ── ✗ never read ── inline secret ── ✗ redacted + surfaced to you
Map only, never source
We upload symbols, signatures and routes plus embeddings. File bodies never leave your machine. There is nothing to leak because the source was never sent.
Secrets skipped, then surfaced
Files like .env, *.key, *.pem and credentials are never read. Inline keys are stripped by value-level redaction before anything is embedded — and we tell you, never silently.
Encrypted integration keys
Connect ClickUp or GitHub and the credential is hashed and encrypted at rest, following the same vault pattern as our auth tokens. Every action is written to an audit log.
Self-host when you need it
Prefer zero cloud? Run the whole map and memory layer inside your own perimeter. Nothing crosses your trust boundary because there is no boundary to cross.
Self-host: nothing leaves at all
On Enterprise you run the full map and memory layer inside your own infrastructure. The cloud is optional, not assumed.
Your infrastructure, your boundary
Deploy the API, extractor and memory store on your own hosts. Point your AI tools at your instance over MCP. There is no external hop, so compliance review is a deployment question, not a data-sharing one.
See Enterprise →# self-hosted topology your-ci → extract map (runner) your-host → SecondOS API + store your-tools → MCP → your-host ── external hop ── ✗ none
Security FAQ
Can SecondOS reconstruct my code from the map?
No. The map is names, signatures and structure plus vector embeddings. There is no file body to reconstruct from — it was never uploaded.
What happens if there is a key inline in my code?
Value-level redaction strips it before embedding, and the finding is surfaced to you. We fail loud, not silent — you always know what was skipped.
Where does the GitHub App run extraction?
On the runner, inside your CI boundary. Only the resulting map and vectors are sent to the cloud. The source-never-leaves invariant holds on the runner too.
How are ClickUp / GitHub keys stored?
Hashed and encrypted at rest in a credential vault, never logged in plaintext. Writes through the action layer require an explicit confirm and are audit-logged.
Trust that you can verify, not just take.
> daemon: kaynağın makinende kaldı. ben sadece haritayı gördüm.