Security & Trust Center
OrBit builds cryptographic trust gates around your local workspace synchronizers. Review our architecture parameters below.
1. End-to-End Cryptographic Pairing
Pairing connection scripts exchange local Ed25519 public keys. All synced messages, CRDT operations, and folder validation hashes are signed client-side, making spoofing or unauthorized daemon loops impossible.
2. Zero-Knowledge Relay Loops
When clients operate across WAN networks, packages pass through secure proxy relays. Because payloads are encrypted using keys stored strictly on your local endpoints (never on the relay), relay nodes have zero knowledge of folder schemas or files.
3. Port Security & Loopback Defaults
The background Rust daemon binds natively to localhost. By default, it ignores external network requests, preventing port-scanning or unauthorized network loops. Multi-peer pairing must be explicitly enabled and authenticated.
4. Sandboxed Code Audits
Editor plugins and compiled Tauri binaries undergo strict static analyses before shipping. We ensure no external scripts or unverified third-party libraries run inside the core workspace indexer loops.