Security architecture
Nymiria is designed so that the attack surfaces that have compromised other AI agent tools simply don’t exist. Here’s exactly how.
No gateway, no exposure
Nymiria has no local WebSocket server, no open port, and no loopback listener. Agent execution lives inside the app process — completely unreachable from the browser or web.
Keys stay in your OS keychain
API keys are stored using your operating system's native credential store (Keychain on macOS, Credential Manager on Windows, libsecret on Linux). They are never written to disk in plaintext.
Zero telemetry by default
Nymiria does not phone home, collect usage analytics, or transmit session data. The only outbound connections are the AI provider calls you explicitly initiate.
Local-first data model
Your conversations, memory, and project state live in a local SQLite database. Nothing syncs to a cloud server unless you explicitly enable multi-device mode.
BYOK — bring your own keys
You authenticate directly with each AI provider using your own account. Nymiria is never in the token path and cannot see or intercept your provider responses.
Local inference mode
Flip one switch and all requests route exclusively to Ollama or llama.cpp on your machine. A status indicator confirms zero bytes leave the device while the mode is active.
Remote Control — no open ports
In multi-device mode the host server binds exclusively to the Tailscale interface (100.64.x.x) — never to 0.0.0.0 or your LAN. Every request requires a 32-character token. No port is reachable from the internet or any device outside your Tailscale network.
WireGuard-encrypted device mesh
Remote Control traffic travels over Tailscale's WireGuard mesh. Each device holds its own private key — Tailscale's coordination server cannot read your data. In direct-connection scenarios no third-party infrastructure is in the path at all.
How Nymiria compares
Referencing the ClawJacked vulnerability in OpenClaw and similar gateway-based agents.
Multi-device security model
When you connect a phone, tablet, or second laptop to your Nymiria host, here is exactly what happens at the network level — and what cannot happen.
Host binds to Tailscale only
The Nymiria server process on your host machine binds exclusively to your Tailscale IP (100.64.0.0/10 CGNAT range). It never listens on 0.0.0.0, your LAN IP, or any public interface. A device with no Tailscale access cannot see the port at all — it does not exist on the network.
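One way to audit the bind claim above from the host itself, as an added example that is not Nymiria's own code: it classifies TCP listeners from `ss -ltnH` output against the 100.64.0.0/10 range. The port number 8443 and the sample output are constructed assumptions, since the page does not state which port the host server uses.

```python
import ipaddress

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # range the page gives for Tailscale IPs
PORT = 8443  # assumed port; the page does not state which port the host server uses

# Constructed sample of `ss -ltnH` output (Linux), not captured from a real host.
SAMPLE_SS = """\
LISTEN 0 128  100.101.12.7:8443  0.0.0.0:*
LISTEN 0 128  0.0.0.0:8443       0.0.0.0:*
LISTEN 0 128  192.168.1.20:8443  0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53   0.0.0.0:*
LISTEN 0 128  [::]:8443          [::]:*
"""

def classify(addr: str) -> str:
    """Return 'tailscale', 'wildcard', or 'outside' for a local bind address."""
    addr = addr.strip("[]").split("%", 1)[0]   # drop IPv6 brackets and %iface scope
    if addr == "*":
        return "wildcard"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:                      # 0.0.0.0 or ::
        return "wildcard"
    if ip.version == 4 and ip in CGNAT:
        return "tailscale"
    return "outside"                           # loopback, LAN, public, or any IPv6

def audit_listeners(ss_output: str, port: int) -> list[tuple[str, str]]:
    """Classify every TCP listener on `port` found in `ss -ltnH` output."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, lport = fields[3].rpartition(":")
        if lport == str(port):
            findings.append((addr, classify(addr)))
    return findings

def violations(ss_output: str, port: int) -> list[str]:
    """Bind addresses that contradict a Tailscale-only listener."""
    return [a for a, verdict in audit_listeners(ss_output, port) if verdict != "tailscale"]

if __name__ == "__main__":
    for addr, verdict in audit_listeners(SAMPLE_SS, PORT):
        print(f"{addr:>16}  {verdict}")
```

Only the IPv4 range named on this page is treated as Tailscale, so any IPv6 listener is reported as outside it. An empty result from `violations` on real `ss -ltnH` output is the state the paragraph above describes.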
WireGuard tunnel between your devices
Tailscale establishes a direct WireGuard peer-to-peer connection between your devices. WireGuard uses modern Curve25519 / ChaCha20-Poly1305 cryptography. Each device holds its own private key — neither Tailscale nor any relay server can decrypt the traffic.
Token auth on every request
Even inside the encrypted tunnel, every API call must include a 32-character alphanumeric token in the X-Nymiria-Token header. The token is generated locally on first enable and stored in ~/.nymiria/server_token — never transmitted to Nymiria servers.
No data stored on remote devices
Remote devices hold zero local copies of your chats, memory, kanban, or crons. All reads are live API calls to the host. If the connection drops, the remote device goes blank — there is nothing to exfiltrate from a stolen remote device.
API keys never leave the host
AI provider keys are stored in the host's OS keychain and are never transmitted to remote devices — not even over the encrypted tunnel. Remote devices send messages to the host, which executes them using its local keys.
Responsible disclosure
Found a security issue? Email security@nymiria.com. We respond within 48 hours and will credit researchers who report valid issues.