Security at Vehla

Built to be trusted with the words you wouldn't email to a stranger.

Local-first by design. SHA-256 verified updates. Secrets in Keychain only. No Vehla server-side inference.

Direct Mac distribution

Vehla is distributed as a DMG outside the Mac App Store, with update integrity checked before installation.

SHA-256 update verify

Auto-updates fetch an HTTPS manifest, download the DMG, and refuse to install unless the SHA-256 matches.

No inference server

We have no backend that handles your prompts. Cloud calls go from your Mac directly to the provider you picked. We are not in the loop.

Keys in Keychain

API keys live in macOS Keychain, encrypted at rest, scoped to the Vehla bundle. They never appear in process arguments, environment, or logs.

Local AI mode

When Local AI is enabled, AI actions run through the selected local model instead of a cloud provider.

Explicit macOS permissions

Vehla asks for Accessibility to read selected text and Input Monitoring for global hotkeys. Both are opt-in and reversible in System Settings.

How Vehla handles your data

Everything you do in Vehla flows through one of three paths. Pick the one that matches your threat model.

Path A — Local model

You select an action, Vehla loads the Gemma 4 model into MLX, runs inference on your Mac, streams the output back into the palette, and copies it to your clipboard. No cloud provider call is made for inference.

Path B — Cloud provider with your key

Vehla pulls your key from Keychain, opens an HTTPS connection directly to the provider, streams your prompt up, streams the response down. We do not see the prompt or the response. The provider does — and is bound by their own privacy policy.

Path C — Ollama

Vehla talks to your local Ollama at localhost:11434. The traffic does not leave your machine.

Update integrity

Every release follows this chain:

  1. We build the DMG and compute the SHA-256 of the final artifact.
  2. We add the version, build number, download URL, minimum OS version, release notes, and SHA-256 to update.json.
  3. Your Vehla downloads the manifest, downloads the DMG, and recomputes the SHA-256.
  4. If anything mismatches, the update is rejected and you get an alert. The old build keeps running.

Vulnerability disclosure

Found a security bug? Email kailaconsulting@outlook.com. Include the affected version, steps to reproduce, expected behavior, actual behavior, and any relevant logs or screenshots.

We will acknowledge valid reports and coordinate disclosure once a fix is available.

What we'd love to add (transparency)

  • Reproducible builds.
  • Third-party security review.
  • Public signing and notarization status on the download page.