Trust

Your machine, your workspace boundaries.

NexaAct is a local desktop app, not a hosted chatbot. The trust model is built around isolated app data, project-scoped permissions, OS keyring storage, user-owned remote infrastructure, and a no-data-collection product stance.

App-scoped config directory, no shared state with official Codex

Isolated App Data

NexaAct uses a private CODEX_HOME directory under the app config path. Configuration, threads, skills, plugin cache, and runtime data never touch official OpenAI Codex CLI or desktop installs.

macOS Keychain, future Windows Credential Manager / Linux libsecret

OS Keyring Secrets

API keys and saved account tokens use the operating system keyring. If the keyring is unavailable, saves fail — plaintext secret files are never a fallback.

Approval policy per project, workspace-write sandbox default

Scoped Permissions

Each project defines its own workspace boundary. Default execution policy is approval-on-request. You tighten or relax per project. Cross-project access requires explicit approval.

Env scrubbing at launch, restrictive CSP in webview

Clean Environment

NexaAct scrubs inherited Codex profile and auth environment variables before launching the app-server. The webview uses a restrictive Content Security Policy.
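The scrub-then-pin step described above, sketched as an added example (not NexaAct's own code). The prefix list, the `codex-home` subdirectory name, the sample variables and the config path are assumptions; the page names only CODEX_HOME.

```python
import os
import subprocess
import sys

# Assumed prefixes for illustration; the page does not list the variables NexaAct scrubs.
SCRUB_PREFIXES = ("CODEX_", "OPENAI_")

def build_child_env(parent_env, app_config_dir):
    """Copy parent_env minus Codex profile/auth variables, then pin a private CODEX_HOME."""
    child = {k: v for k, v in parent_env.items()
             if not k.upper().startswith(SCRUB_PREFIXES)}
    child["CODEX_HOME"] = os.path.join(app_config_dir, "codex-home")  # assumed subdir name
    return child

def removed_names(parent_env, child_env):
    """Names dropped or overridden, for an audit log. Values are never returned."""
    return sorted(k for k in parent_env
                  if k not in child_env or child_env[k] != parent_env[k])

def is_isolated(child_env, app_config_dir):
    """True if CODEX_HOME is inside app_config_dir and no other scrubbed name remains."""
    home = os.path.realpath(child_env.get("CODEX_HOME", ""))
    root = os.path.realpath(app_config_dir)
    inside = os.path.commonpath([home, root]) == root
    stray = [k for k in child_env
             if k != "CODEX_HOME" and k.upper().startswith(SCRUB_PREFIXES)]
    return inside and not stray

def child_sees(child_env, name):
    """Launch a child process with child_env and report what it reads for `name`."""
    code = "import os,sys; print(os.environ.get(sys.argv[1], ''))"
    out = subprocess.run([sys.executable, "-c", code, name],
                         env=child_env, capture_output=True, text=True, check=True)
    return out.stdout.strip()

# Constructed sample of inherited shell variables (not real credentials).
SAMPLE_PARENT = {
    "EDITOR": "vim",
    "CODEX_HOME": "/home/alice/.codex",
    "CODEX_PROFILE": "work",
    "OPENAI_API_KEY": "sk-constructed-example",
}
APP_CONFIG_DIR = "/home/alice/.config/nexaact-example"  # hypothetical path

if __name__ == "__main__":
    env = build_child_env({**os.environ, **SAMPLE_PARENT}, APP_CONFIG_DIR)
    print("isolated:", is_isolated(env, APP_CONFIG_DIR))
    print("child OPENAI_API_KEY:", repr(child_sees(env, "OPENAI_API_KEY")))
```

Logging only the names from `removed_names` keeps the audit trail useful without writing secret values to disk.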

No analytics, no telemetry, no product data collection

No User Data Collection

NexaAct does not collect user information, workspace content, prompts, files, usage analytics, or remote-control data.

User Cloudflare account required for remote control

User-Owned Remote Infrastructure

Remote control is deployed to the user’s own Cloudflare account. The user prepares and controls that Cloudflare environment; NexaAct does not operate a shared remote-control cloud.

Local app-server process, no cloud relay for core sessions

Local Runtime

The bundled app-server runs locally on your machine. Agent sessions, tool execution, and provider communication happen from your desktop.

Execution model

Local runtime, visible actions, conservative defaults.

The bundled app-server runs on your computer. Agent sessions, tool execution, and provider communication originate from the desktop app, while approvals keep commands and file edits visible before they land. For remote control, the relay is deployed to the user's own Cloudflare account rather than a NexaAct-operated data service.

runtime: Local app-server
secrets: OS keyring
default: Approval on request
remote: User-owned Cloudflare