Security overview
OtoDock runs capable AI agents on infrastructure that holds your data, so security comes first. Agents are contained by default and given access deliberately — you decide exactly which files, which tools, and which network endpoints each one can reach.
This page is the overview. The pages that follow go deeper on each layer.
Defense in depth
OtoDock protects you with several independent layers, so a weakness in one doesn't open the door:
- A kernel-level sandbox wraps every agent on the server. Files outside what the agent is allowed to see simply don't exist in its view, and its network is locked down. There is no "unsandboxed" mode for server-side agents. → The sandbox
- Roles and permissions govern who can do what, and what an agent may do without asking. Sensitive actions pause for your approval. → Permissions
- Encrypted credentials keep your AI subscriptions, API keys, and connected accounts out of reach — stored encrypted, blocked from agent tools, and handed to a session only when they're what that session runs on. → Credentials
Contained by default, access on purpose
The guiding principle is least privilege:
- An agent starts with access only to its own files — not the rest of the server, not other agents, not other users' personal spaces.
- Its network is blocked by default. It can reach the public internet, but not your internal network — until you explicitly grant a tool access to a specific internal service.
- Every potentially-destructive action is gated by a permission mode you control — from pausing for your approval at each step to running fully autonomously.
You open exactly the doors each agent needs, and nothing more.
Reaching your internal network — on your terms
Agents can't roam your network looking for things. But many useful tools do need to reach a specific internal service — a metrics server, a home automation hub, a self-hosted file store. OtoDock lets you grant a tool access to exactly that one endpoint with a single toggle, while every other host on the same network stays unreachable.
→ See Local network access.
Your data and keys stay with you
Everything lives on the server you run. AI subscriptions and API keys are stored encrypted, and a session only ever carries the credentials its own work runs on. OtoDock only talks to the AI providers you connect and the services you explicitly integrate — nothing else leaves your infrastructure.
Next steps
- The sandbox → — how every agent is contained.
- Permissions → — roles, approval modes, and command safety.
- Credentials → — how secrets are stored and protected.