PeerAI Trust Center

Risk profile

View detail

Data access level
PeerAI never accesses customer data
Customer-controlled
Impact level
Single-user install, no shared data plane
Local
Recovery time objective
Installable client; no PeerAI-side production data plane
N/A
Deployment model
Tauri desktop app + Python sidecar
Customer endpoint

Compliance status

Full roadmap

SOC2

In progress

SOC 2

Type I — service org controls

ISO

Planned

ISO 27001

Information security management

GDPR

Planned

GDPR

EU data protection alignment

SBOM

Attested

CycloneDX SBOM

Per-release software bill of materials

How we earn trust

Transparent by design

Every release publishes a CycloneDX SBOM, vulnerability scan rollup, and signed checksums. Source of every claim is linked.

Secure by default

Local-first execution, customer-controlled LLM and database, daily automated dependency scanning, pre-commit checks, and a documented release security gate.

Continuously verifiable

Scans run daily and on every release. Compliance status carries evidence links and last-verified dates. Trust shouldn't be an annual claim.

Built to be left behind

PeerAI is scaffolding for AI-native delivery — not your permanent stack. Code, architecture, and systems built with us are yours to keep, modify, and operate without us. Input is yours. Output is yours.

Operating model

Input is yours. Output is yours.
PeerAI is just the accelerator.

PeerAI is scaffolding for AI-native delivery — not your permanent stack. Once your modernization is built, the scaffolding comes down. The code, architecture, and systems are yours to keep, modify, and operate without us.

How the scaffolding model works

AI Security

AI agents work in your boundary, not ours.

BYO LLM provider, BYO database, local agent execution, sandboxed code paths, prompt-injection mitigations, structured tool guardrails.

Learn more

Responsible AI

Customer data trains nothing. Outputs belong to you.

Customer-selected provider, no training on your prompts, human-in-the-loop controls, evaluation + observability, output ownership.

Learn more

Recent releases

All releases

v0.76.0-alpha.9

alpha

2026-06-17

Changed

Dependency security upgrades — upgraded every fixable-CVE dependency across the Python (aiohttp, cryptography, gitpython, idna, langchain-*, langsmith, mako, pip, pydantic-ai, pyjwt, python-multipart, starlette, strawberry-graphql, urllib3, authlib, banks) and Rust (openssl, tauri 2.10.2 → 2.11.1) lockfiles. grype --only-fixed is now clean except documented accepted risks (Tauri GTK stack, hickory-proto). Bumped @tauri-apps/api to 2.11 to match the Rust crate.

Fixed

Windows release build — added react-router as a direct dependency so TypeScript can resolve react-router v7's re-exported Route/Routes/Navigate/etc. (previously only transitive, which broke tauri build on the CI runner).
Release security gate — the SBOM scan once again fails on real vulnerability findings, while tolerating a pure SBOM format/decode mismatch between trivy and grype on the runner.

v0.76.0-alpha.8

alpha

2026-06-17

Added

OpenCode skills in the Coder — skills installed into OpenCode (global ~/.config/opencode/skills) now surface across all three Coder skill surfaces: the skill picker, the new Skills section of the session-info capabilities panel (proxying OpenCode's live GET /skill), and the Default Skills picker. Discovered skills are tagged opencode and addressed via an opencode:<name> ID scheme.

Fixed

Skill name collisions — OpenCode skills are cached separately from built-in skills, so a same-named skill (e.g. code-review exists in both) no longer clobbers or mislabels the curated built-in. The general /api/v1/skills list now surfaces OpenCode skills correctly instead of dropping them.

v0.76.0-alpha.7

alpha

2026-06-15

Added

Embedded VS Code in Coder — added a VSCodeEmbedPanel that embeds a real VS Code (OpenVSCode/code-server) instance inside PeerAI Coder, with an editor view toggle to switch between the embedded VS Code and the Classic Monaco IDE (falls back to Monaco automatically when code-server is unavailable). Revamped OpenVSCode instance management for improved stability and performance, with Windows embedded-panel support.
UI Modernization AI Generate tab — added an AI Generate tab with enhanced design-refinement capabilities, plus a PanelProgress component for clearer loading-state indication in the analysis step.
OpenAI-Compatible Proxy enhancements — improved AI proxy integration and repository management, including working-directory management in CodeGenStep.

Changed

LLM provider configuration & Windows compatibility — strengthened LLM provider configuration checks, normalized file paths for Windows compatibility, and improved error handling in clustering processes.
Figma-to-HTML generation — implemented caching for Figma assets and improved the HTML generation process, with refinements to the DOM walker leaf-node handling and layout helpers.
OpenCode integration — improved OpenCode integration and error handling.
CI — bumped Claude Code Action to v1.0.148 in workflows.

Fixed

Spec Builder spec generation — enforce strict section gating and improve guidance for spec generation in the Spec Builder agent.
Code Insights Ask PDF export — fixed PDF export with a Markdown fallback.