Security & privacy
Trusted with your code.
Local-first execution, no keys to hand out, conversations stored on your machine, and a relay you can run yourself. Here's exactly how Mel handles your keys, your code, and your access.
How it works
Transparent by design.
Where keys live
Provider keys are held server-side on the Mel relay. The app ships no keys, so there's nothing on your machine to leak.
What leaves your machine
Agent tools — read, edit, run — execute locally. Only the context a given model call needs is sent to the relay, which calls the provider.
Where your data lives
Conversations and history are stored locally under your home directory. Mel is local-first by default.
You approve changes
Writes, edits, and commands round-trip an approval card — or you opt into autonomous A⁺ mode explicitly.
Self-host the relay
Run the relay on your own cloud with token auth and per-user daily quotas. Keep all traffic in your control.
Open & auditable
The terminal and relay are MIT-licensed. Read every line, build it yourself, verify what it does.