Skip to main content
repr was built for developers who work on sensitive code. Whether you’re in defense, healthcare, finance, or building a stealth startup—your code can’t leave your machine. This guide covers enterprise deployment, compliance requirements, and maximum-security configurations.

Security Guarantees

What repr Never Does

  • ✗ Make background network calls
  • ✗ Send telemetry or analytics
  • ✗ Store API keys in config files
  • ✗ Upload code without explicit user action
  • ✗ Run daemons or background processes
  • ✗ Access your source code (only reads git metadata)

What repr Always Does

  • ✓ Runs entirely locally by default
  • ✓ Stores everything in ~/.repr/ on your machine
  • ✓ Uses OS keychain for sensitive data (API keys)
  • ✓ Provides audit logs of all network activity
  • ✓ Allows permanent local-only lock
  • ✓ Works in fully air-gapped environments

Air-Gapped Deployment

For classified, restricted, or fully offline environments.

Installation in Air-Gapped Environments

Step 1: Download on internet-connected machine
Step 2: Transfer to air-gapped machine Use approved transfer methods (USB drive, secure file transfer, etc.) Step 3: Install on air-gapped machine
Step 4: Install local LLM (Ollama) Download Ollama and model weights on internet-connected machine:
Transfer ollama binary and ollama-models.tar.gz to air-gapped machine, then:
Step 5: Lock repr to local-only mode
Output:
Step 6: Use normally

Network Verification

Verify that repr makes zero network calls:
You can also use strace (Linux) or dtrace (macOS) to verify no network syscalls.

Compliance Requirements

HIPAA (Healthcare)

Requirements:
  • ✅ No PHI leaves local machine
  • ✅ Audit trail of all data access
  • ✅ Encryption at rest
repr Configuration:
Audit Trail:
Output includes:
  • All network operations (should be zero in local-only mode)
  • All story generation events (local only)
  • Data storage locations
  • Privacy settings history

SOX / PCI-DSS (Finance)

Requirements:
  • ✅ Code doesn’t leave secure environment
  • ✅ No sensitive data in logs
  • ✅ Access controls and audit trails
repr Configuration:
Data Redaction: repr automatically redacts:
  • File paths (replaced with relative paths)
  • Email addresses (commit authors)
  • API keys and secrets (if accidentally committed)
To verify redaction:

ITAR / Defense (Classified Environments)

Requirements:
  • ✅ Zero external network access
  • ✅ Code remains on classified system
  • ✅ Auditable operations
repr Configuration:
Security Audit Checklist:
  • Binary installed via approved transfer method (USB)
  • No internet connectivity on target system
  • Local LLM installed and verified
  • repr privacy lock-local --permanent executed
  • Network monitoring shows zero external packets
  • Stories stored only in ~/.repr/ (no external storage)
  • All operations logged for audit

GDPR (EU Data Protection)

Requirements:
  • ✅ User consent for data processing
  • ✅ Right to be forgotten
  • ✅ Data portability
repr Compliance: repr is GDPR-compliant by default:
  1. Consent: repr never uploads data without explicit user action (repr push)
  2. Right to be forgotten: Delete local stories with repr story delete <id>
  3. Data portability: Export all data with repr data backup

Enterprise Features

Multi-User Deployment

Deploy repr for your entire engineering team: 1. Create standard configuration
2. Distribute to team
3. Team workflow

Centralized LLM Deployment

Run one shared Ollama instance for your team (reduces resource usage): Server setup:
Client configuration:
Privacy note: This is still “local” in that your diffs go to your company’s server, not a third party.

Single Sign-On (SSO) Integration

Coming soon: repr.dev cloud features will support SSO via:
  • SAML 2.0
  • OAuth 2.0 (Google, GitHub, Okta)
  • OpenID Connect
In the meantime, use local-only mode for full control:

Security Best Practices

1. Verify Binaries

Always verify repr binary authenticity:

2. Isolate repr Storage

Keep repr data separate from your code:

3. Backup Regularly

repr stories are valuable. Back them up:

4. Review Generated Content

Always review stories before publishing:

5. Rotate API Keys

If using BYOK (Bring Your Own Key):
Keys are stored in your OS keychain and encrypted by the OS.

Troubleshooting Security Issues

”Firewall blocked repr”

repr should work behind corporate firewalls if you’re using local-only mode:

“Security scan flagged repr binary”

repr is open source. Your security team can:
  1. Review source code: https://github.com/repr-app/cli
  2. Build from source instead of using pre-built binaries
  3. Run security scans on the binary
If your security team has concerns, open an issue: https://github.com/repr-app/cli/issues

”Ollama using too much memory”

Ollama loads the entire model into RAM. For resource-constrained environments:

Getting Help

Enterprise Support

For enterprise customers, we offer:
  • Priority support
  • Custom deployment assistance
  • Security questionnaire completion
  • Compliance documentation
  • On-site training
Contact: enterprise@repr.dev

Security Issues

Report security vulnerabilities privately: Do not open public GitHub issues for security vulnerabilities.

Community Support

For general questions:

Summary

repr is designed for security-conscious developers:
  • Local-first architecture — Zero data leaves your machine by default
  • Air-gapped support — Works in fully offline environments
  • Compliance-ready — HIPAA, SOX, ITAR, GDPR compliant
  • Audit trail — See exactly what happened and where data went
  • Open source — Full transparency, build from source if needed
Ready to deploy in your secure environment?
Air-Gapped Setup Guide → | Privacy Model →