CODE PROTECTION.
IRIS implements enterprise-grade application security to safeguard private orchestration scripts, encrypt keys, and validate local runtime integrity.
100% BYOK Model
Bring Your Own Key. IRIS runs using your custom API credentials. No centralized usage metering or remote middleware proxying.
Local OS Keychain
All credentials and keys are stored securely using your operating system's native keychain database, encrypted locally.
Zero Remote Calls
No analytics tracking or validation handshakes. The application runs locally and never transmits configuration profiles.
Shielding Mechanisms & Compilation
To maintain structural integrity and secure the main execution logic from tampering or unauthorized modifications, IRIS employs a multi-tiered binaries shield.
All TypeScript files inside the Main Process (including iris-ai.ts and tools.ts) are compiled directly into raw machine binary V8 bytecode (.jsc files). This prevents standard reverse engineering and source viewing.
System instruction templates, prompt definitions, and tool mapping descriptors are converted into cryptographic, runtime-evaluated function routines. Performing a global search for plaintext API keys or instructions returns null results.
At package build time, a SHA-256 hash map signature is hardcoded. When the application initializes, a background thread performs real-time file validation checks on the archives. Any detected modification results in an immediate safety termination.
The renderer framework operates under strict sandboxing settings. Render context files cannot trigger Node scripts directly. All requests must go through a whitelisted IPC bridge that filters invalid properties.
Local Security Vault
IRIS integrates with native facial biometric systems and standard numeric PIN codes to lock down local execution privileges.
"Lock the system vault"Multi-Face ValidationExecution Disclaimer
IRIS operates with extensive OS-level interaction privileges. It can manage files, invoke terminal routines, and run local automation macros.
- • Ensure API keys are kept private.
- • Custom macros should be audited prior to execution.
- • Standard processes run under user permission profiles.