Credentials stay local
Cloud credentials, kubeconfig contexts, and repo access remain on the machine running the desktop app for normal local workflows.
The desktop keeps cloud credentials and cluster contexts on the machine running the app. Local MCP and optional bring-your-own-key model calls use that local runtime.
Hosted inference, voice, shared sandboxes, and enabled web-to-desktop relay are separate data paths. Clanker DevOps and Clanker Secretary use the Standard shared service, which currently uses the Gemini Developer API and shared global Cloudflare services. Secretary Pro starts protected onboarding, and any sovereign service is separately contracted; neither protected boundary is active until verified and activated in writing.
Credential custody can stay local, but content sent to hosted inference, voice, sandboxes, or remote relay crosses the boundary of the corresponding hosted service.
Cloud credentials, kubeconfig contexts, and repo access remain on the machine running the desktop app for normal local workflows.
Desktop model calls can use a team’s own provider key or local endpoint. Standard hosted inference instead uses the Clanker Cloud Gemini Developer API path.
Standard sandbox content and hosted voice use Cloudflare services. Enabled web access temporarily relays instructions and responses to an enrolled desktop.
Read and plan flows come before execution, and maker mode requires explicit operator approval.
The current product positioning covers cloud providers, Kubernetes, GitHub, and bring-your-own AI keys from one local operating surface.
| Surface | Where it lives | What it means |
|---|---|---|
| Cloud credentials and kubeconfig | Local machine | Raw provider access stays with the operator for normal desktop workflows. |
| Desktop workspace and chat history | Local application files and SQLite | Content is not application-level encrypted today. Regulated deployments require FileVault, BitLocker, or equivalent managed full-disk encryption, device access controls, and an approved backup policy. |
| Desktop BYOK or local inference | Chosen provider or operator endpoint | Prompts and selected context go to that provider or endpoint; provider terms apply. |
| Standard hosted inference | Google Gemini Developer API | Prompts and selected context are processed through the current hosted model path. Standard is not a protected regulated-data environment. |
| Standard sandboxes and hosted voice | Shared global Cloudflare services | Submitted commands, files, runtime data, audio, transcripts, or speech cross the shared Standard boundary; account region is not a residency guarantee. |
| Web-to-desktop relay | Clanker Cloud portal and Google Cloud control-plane relay to an enrolled desktop | When explicitly enabled, instructions, responses, status, device identifiers, and limited diagnostics are processed by a relay that is not end-to-end encrypted. Protected and sovereign accounts currently reject this path. |
| MCP endpoint | Authenticated localhost runtime | Local agents use a rotating per-launch capability; a bare endpoint URL is not authorized. |
| Execution approval | Operator in the app | Changes require deliberate maker-mode approval. |
Useful when production access already exists and the priority is faster grounded operations without moving that access to another vendor.
Local credential custody can reduce one hosted risk, while inference, sandbox, voice, relay, retention, identity, and contract boundaries still require separate review.
The local MCP surface keeps agent integrations close to the operator runtime and existing credentials.
Raw cloud credentials and kubeconfig contexts stay on the local machine for normal desktop workflows. Selected infrastructure evidence can be sent to the configured model provider, and content submitted to hosted inference, voice, sandboxes, or remote relay crosses those separate service boundaries.
The desktop’s core provider workflow and local MCP surface run locally. Standard hosted inference, account services, shared sandboxes, hosted voice, downloads, and enabled web-to-desktop relay use hosted Clanker Cloud services.
Local agents use the authenticated MCP endpoint and its rotating per-launch capability. Web access is a different, opt-in Google Cloud relay that is not end-to-end encrypted and requires an approved enrolled desktop; protected and sovereign accounts currently reject remote relay use.
No protected boundary is active in Standard. Clanker DevOps and Clanker Secretary use that Standard boundary. Do not submit sensitive or regulated data to hosted workflows until a Secretary Pro protected or separately contracted sovereign environment, approved providers, identity controls, retention terms, and required agreements are verified and marked active in writing.
Not today. Desktop workspace and chat content uses local application files and SQLite. A regulated deployment must enforce FileVault, BitLocker, or equivalent managed full-disk encryption plus managed device access, backup, recovery, and wipe controls until application-level content encryption is delivered and migrated.
Read the workflow explainer or Cloud for Agents for the operational details behind this trust model.