Security model
All website access to local models is mediated by the browser. Pages never touch the model backend directly.
Boundaries
- The bundled backend binds to a private loopback port and is reachable only through a broker that holds a per-run secret token. Web pages never see the port or token.
- The navigator.napcar.ai API is a trusted browser binding — it cannot be forged by page scripts. The npm SDK only wraps it (or falls back to the virtual endpoint); it never fabricates the trusted object.
- Per-origin permissions, rate limits, and concurrency caps prevent abuse.
- Provider API keys are never forwarded to the local backend or written to logs during cloud-substitution.
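The sketch below is an added example, not the project's own code: it shows one way a broker can hold the per-run token privately while enforcing per-origin permission, a rate limit and a concurrency cap before forwarding. The names Broker, makeBackend, admit, run and the policy fields are hypothetical, and the backend is a stub standing in for the loopback service.

```javascript
// Added sketch; Broker, makeBackend and the policy fields are hypothetical names.
const { randomBytes, timingSafeEqual } = require('node:crypto');

// Stand-in for the loopback backend: serves only callers presenting the per-run token.
function makeBackend(token) {
  return (presented, prompt) => {
    const a = Buffer.from(String(presented)), b = Buffer.from(token);
    if (a.length !== b.length || !timingSafeEqual(a, b)) throw new Error('backend: bad token');
    return `echo:${prompt}`;
  };
}

class Broker {
  #token = randomBytes(32).toString('hex'); // per-run secret, never handed to a page
  #backend = makeBackend(this.#token);
  #state = new Map();                       // origin -> { active, stamps }
  constructor(policy) { this.policy = policy; } // origin -> { allowed, perMinute, maxConcurrent }

  // Admission check for one page request; returns a reason code.
  admit(origin, now = Date.now()) {
    const rule = this.policy[origin];
    if (!rule || !rule.allowed) return 'denied:permission';
    const s = this.#state.get(origin) ?? { active: 0, stamps: [] };
    this.#state.set(origin, s);
    s.stamps = s.stamps.filter((t) => now - t < 60_000); // sliding one-minute window
    if (s.stamps.length >= rule.perMinute) return 'denied:rate';
    if (s.active >= rule.maxConcurrent) return 'denied:concurrency';
    s.stamps.push(now);
    s.active += 1;
    return 'ok';
  }

  // Forward an admitted request. The broker attaches the token; the page gets text only.
  run(origin, prompt) {
    const s = this.#state.get(origin);
    if (!s || s.active < 1) throw new Error('broker: request was not admitted');
    try { return { text: this.#backend(this.#token, prompt) }; }
    finally { s.active -= 1; }
  }
}

// Constructed scenario: one permitted origin, 3 requests/minute, 1 in flight.
function demo() {
  const app = 'https://app.example', t0 = 1_000_000;
  const broker = new Broker({ [app]: { allowed: true, perMinute: 3, maxConcurrent: 1 } });
  const out = [broker.admit('https://other.example', t0), broker.admit(app, t0)];
  out.push(broker.admit(app, t0 + 1), broker.run(app, 'hi').text);
  for (const dt of [2, 3]) { out.push(broker.admit(app, t0 + dt)); broker.run(app, 'x'); }
  out.push(broker.admit(app, t0 + 4), broker.admit(app, t0 + 60_000));
  return out;
}
console.log(demo());
```

Because the token lives in a private field and only the response text is returned, nothing a page receives from the broker carries the secret or the backend's address.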
Reporting
Security reports can be sent to the project maintainers via the GitHub repository.