Hyphae documentation

A smaller default attack surface with explicit operator responsibilities.

Hyphae removes mandatory remote infrastructure from the base deployment, but it does not erase host, filesystem, network, key, or backup-custody responsibilities.

Local authority narrows the default attack surface

The base engine owns one local data directory. It does not require network credentials, a database service, an embedding provider, or a cloud control plane.

  • Filesystem permissions and host isolation remain operator responsibilities.
  • At-rest encryption is not claimed by the engine.
  • A local attacker with process or filesystem authority remains inside the threat model.

The optional server is loopback-first

Remote exposure is a deliberate operator action. Authentication, TLS termination, rate policy, and process supervision must be configured before accepting untrusted network traffic.

  • Request, response, concurrency, and timeout limits are bounded.
  • Stable error codes avoid leaking internal detail.
  • Successful reads remain proof-bearing.

Durable formats fail closed

Checksums, digest chaining, canonical snapshots, versioned formats, and compatibility fixtures detect corruption and unsupported state before normal service continues.

  • Indexes are rebuildable and never override log authority.
  • Restore publishes only after complete verification.
  • Compaction commits an anchored generation.

Proofs do not invent trust

A valid result proof demonstrates reexecution against the supplied witness and caller-pinned anchor. The application still owns anchor distribution, identity, key policy, and backup custody.

  • Checksum is not signature.
  • Proof is not authorization.
  • Verification never fetches missing trust material implicitly.

Report privately

Do not open a public issue for a suspected vulnerability. Include the affected version, reproduction, impact, and any proposed mitigation in a private report.

  • Security contact: security@celiums.ai
  • The public GitHub security policy defines supported versions and reporting guidance.