Security & limits
Oxidock is local-first, but it still needs clear security boundaries because it can inspect engines and help run commands.
Security model
- Engine access stays tied to your local Docker-compatible provider or configured context.
- Commands should be visible before execution.
- Destructive actions should require stronger confirmation.
- Registry credentials and provider configuration should remain locally controlled.
- The AI assistant runs locally when enabled unless you configure another model endpoint.
Command safety
| Command type | Example | Expected handling |
|---|---|---|
| Read-only | docker ps | Safe to inspect. |
| Mutating | docker restart web | Show effect before execution. |
| Destructive | docker volume rm data | Require explicit confirmation. |
Current limits
Oxidock is early software. Engine compatibility, remote contexts, registry support, and AI features may vary by platform and provider. Check release notes before relying on a workflow in production.
Reporting issues
Use the project repository to report bugs, security concerns, or provider-specific compatibility gaps.