Privacy and Security

Local-first design

Ranex is designed to run locally against your project directory. By default:

• Ranex indexes your project on your machine.
• Ranex stores project-local state under .ranex/.

What gets stored

Atlas stores an index database at:

• .ranex/atlas.sqlite

This index is intended to store code intelligence metadata (such as symbol names, file paths, and relationships). Some features may also return small code excerpts at query time (for example span-based operations).

What you should treat as sensitive

• Your project source code
• The .ranex/ directory (it is derived from your project)

Recommended practices

• Do not commit .ranex/atlas.sqlite unless you have a specific reason.
• Do commit .ranex/firewall.yaml (policy as code), so it can be reviewed.
• Use .ranexignore to exclude directories containing generated code or sensitive content that should not be scanned.

Using Ranex with AI assistants

When you run Ranex via MCP or other automation, the assistant's access to files is scoped to the configured project root.

If you have secret material in the repository, keep it in directories that are not scanned and ensure your policies prevent accidental exposure.