Privacy and control
A privacy-first AI terminal for macOS
Most AI terminals assume a hosted account and send your context to their cloud. Taviraq is built the other way around: you choose the provider, secrets are masked locally before any request leaves the app, and API keys stay in the macOS Keychain.
What "privacy-first" means in Taviraq
- Local secret masking — Taviraq scans assistant requests locally and replaces detected secrets before provider traffic leaves the app.
- Keychain-stored keys — API keys are kept in the macOS Keychain through keytar, not in project config files.
- Explicit context — the assistant only receives the context mode you select: selected text, recent output, or the current session.
- Your provider — connect Anthropic, OpenAI-compatible APIs, Ollama, or LM Studio. You decide who receives the context.
- Confirmation before resolving secrets — commands that reference a masked local secret always require confirmation before Taviraq resolves the value locally.
- Local by default — non-secret settings, prompts, and configuration are stored locally in app data.
Run fully local if you want to
Because providers are your choice, you can point Taviraq at a local model through Ollama or LM Studio and keep assistant traffic on your own machine. Use separate models for chat and for command-risk classification.
Safety is part of privacy
Agent mode checks built-in protected-command patterns and then asks a dedicated command-risk model before auto-execution. If classification fails or cannot be parsed, the command is treated as risky and requires confirmation. Risky or unclear commands pause in an in-app confirmation modal before they touch your shell.