Back to home
System Integrity

Security & Trust Center

OrBit builds cryptographic trust gates around your local workspace synchronizers. Review our architecture parameters below.

1. End-to-End Cryptographic Pairing

Pairing connection scripts exchange local Ed25519 public keys. All synced messages, CRDT operations, and folder validation hashes are signed client-side, making spoofing or unauthorized daemon loops impossible.

2. Zero-Knowledge Relay Loops

When clients operate across WAN networks, packages pass through secure proxy relays. Because payloads are encrypted using keys stored strictly on your local endpoints (never on the relay), relay nodes have zero knowledge of folder schemas or files.

3. Port Security & Loopback Defaults

The background Rust daemon binds natively to localhost. By default, it ignores external network requests, preventing port-scanning or unauthorized network loops. Multi-peer pairing must be explicitly enabled and authenticated.

4. Sandboxed Code Audits

Editor plugins and compiled Tauri binaries undergo strict static analyses before shipping. We ensure no external scripts or unverified third-party libraries run inside the core workspace indexer loops.