Security Model
Security is foundational to OmniIDE's design. Autonomous code execution requires robust isolation to prevent unintended system modifications.
Security Principles
- Least Privilege — The agent only has access to the current workspace
- Sandbox Isolation — All commands run in the Hardened Sandbox
- Zero Telemetry — No data collection, no cloud dependency for the IDE itself
- Timeout Protection — Runaway processes are killed after configurable timeout
- User Control — Optional confirmation before executing agent commands
Threat Model
| Threat | Mitigation |
|---|---|
| Agent deletes system files | Sandbox restricts file access to workspace |
| Malicious code execution | Process isolation with timeout |
| Data exfiltration | Network access disabled by default in sandbox |
| Resource exhaustion | CPU and memory limits on sandboxed processes |