Product
AI Agents Multi-Model AI Code Review Cloud Deploy Project Memory HQ Kanban Board API Gateway
Platforms
Desktop App CLI Pricing
Resources
Documentation Blog Changelog Roadmap FAQ MuluBench
Company
Our Mission Support Security Status Contact Our Promise Legal
GET MULU CODE

Security at
Mulu Code

Your code, your data, your credentials. Protected by design.

Last updated: March 2026

Overview

Security is foundational to Mulu Code, not an afterthought. We follow a local-first, zero-trust architecture: your project files never leave your machine unless you explicitly choose to deploy. The app communicates with external services only for AI model inference and authentication, and both channels are secured with the measures described below.

Local-First Architecture

All project data lives on your local machine. When you open a project, Mulu Code reads and writes files directly to your chosen directory. There is no background sync, no cloud mirroring, and no silent uploads. Your source code, assets, and configuration files remain entirely under your control.

The only network traffic the app generates is for AI inference (routed through our secure proxy), user authentication, and update checks. None of these transmit your project source code. When you use AI features, only the minimal prompt context for the current request is sent — never your entire codebase.

Encryption

Data at Rest

Sensitive data stored locally is protected with AES-256-GCM encryption. Each encryption operation uses a cryptographically random salt and initialization vector, with key derivation via a memory-hard algorithm. The output includes an authentication tag that verifies data integrity, ensuring encrypted data has not been tampered with.

OS-Level Credential Storage

Credentials requiring maximum protection are delegated to your operating system's native credential store — Keychain on macOS, DPAPI on Windows, and the Secret Service on Linux. Encryption keys are managed by the OS and bound to your user session, meaning they cannot be extracted by reading application files on disk.

In-Transit Encryption

Secrets passed between internal application processes are encrypted with a session-scoped key generated at app startup. Each operation uses a fresh initialization vector. Plaintext values are held in memory only briefly during write operations and immediately cleared. Secret values are never logged anywhere in the application.

Process Isolation

Mulu Code enforces strict process isolation. The UI layer runs in a sandboxed environment with no direct access to the filesystem, system APIs, or credentials. All operations go through a narrow, explicitly defined API surface where every request is validated before execution.

The UI cannot directly read files, write files, execute commands, or access credentials. Every operation passes through an intermediary that performs its own input validation before acting.

Content Security Policy. Production builds enforce a strict CSP: script sources are restricted to the application itself, connection targets are limited to known API endpoints, and object embeds are blocked entirely.

Secure API Routing

All AI model requests are routed through a secure proxy that holds provider API keys as environment secrets. These keys are never sent to, stored on, or accessible from your device. The app authenticates to the proxy using a separate application key, validated on every request.

The proxy enforces origin validation, rejecting requests from unauthorized sources. Rate limiting at 30 requests per minute per IP prevents abuse, with automatic exponential backoff on limit hits. Internal metadata is stripped from responses before they reach the client.

File System Security

The application maintains an allowlist of project directories that you have explicitly opened. Every file operation — reads, writes, deletions, searches — validates that the target path falls within an allowed directory. Paths are normalized and checked to prevent traversal attacks.

Additional protections include a 10 MB file size limit for read operations and a blocklist of dangerous file extensions (.exe, .dll, .bat, .cmd, .sh, .ps1). A dedicated path sanitizer handles malformed inputs from AI tool calls, stripping invalid characters, enforcing length limits, and rejecting corrupted arguments.

Terminal Safety

Terminal commands are screened against a blocklist of dangerous patterns before execution. Destructive operations, privilege escalation attempts, and fork bombs are automatically rejected. All commands run within validated project directories with enforced timeouts to prevent runaway processes.

Secrets Management

Mulu Code provides a secure flow for managing environment variables. Variable names are validated to prevent injection, and target file paths are verified to point within an open project directory. Values are encrypted before internal transmission, decrypted only at the point of writing, and immediately cleared from memory. The UI only ever displays a masked preview of stored secrets.

Security Scanner

Mulu Code includes a built-in security scanner that analyzes your project for vulnerabilities. The scanner runs in a background thread to keep the app responsive and uses a two-stage approach:

Stage 1: Pattern Detection — Files are scanned for hardcoded secrets (API keys, tokens, private keys, connection strings), dangerous code patterns, and common security misconfigurations.

Stage 2: AI-Powered Review — Flagged files are analyzed by an AI model to distinguish real vulnerabilities from false positives with full contextual understanding. Scan results are stored locally with history retained per project.

Cloud

Apps deployed to Mulu Cloud receive DDoS protection, automatic SSL certificate provisioning, and HTTPS by default with no additional configuration. All traffic is encrypted in transit with TLS termination at the edge.

The database layer provides row-level security (RLS) policies, ensuring that queries from your app's users can only access rows they are authorized to see. Authentication supports email/password, OAuth providers, and magic links.

Data & Privacy

Mulu Code does not collect telemetry or usage analytics by default. The app does not track what you build, which files you edit, or how you use features. The only data transmitted is for authentication, AI inference, and explicit deployments.

We do not sell or share your data. We do not use your code, prompts, or project data to train AI models. When you use AI features, prompts are forwarded to the model provider through our proxy, and those providers' own data policies apply. We do not retain copies of your prompts or responses beyond what is needed to complete the request.

You can delete your account and all associated cloud data at any time.

Reporting Security Issues

If you discover a security vulnerability, please report it through our contact page with the subject "Security Report." Include a description, steps to reproduce, and any relevant evidence. We will acknowledge receipt within 48 hours.

We ask that you practice responsible disclosure and refrain from publishing details until we have had the opportunity to investigate and address the issue. We are happy to credit researchers who report valid vulnerabilities.