Privacy & safety
Pasture is designed as a private local companion, but privacy still depends on which skills, models, and tokens you configure.
What stays local
| Area | Handling |
|---|---|
| Runtime location | Pasture runs on your computer. WhatsApp, Telegram, dashboard, browser, files, memory, and daemon state are coordinated locally. |
| State directory | Runtime data lives under ~/.pasture by default, including config, logs, workspace notes, memory, auth, and dashboard databases. |
| LLM choice | You can use local providers such as LM Studio or Ollama, or configured cloud providers. Model priority controls fallback order. |
| WhatsApp auth | Baileys auth files are local session credentials. They should be backed up carefully and never committed to git. |
| Secrets | Tokens belong in ~/.pasture/secrets.json or ~/.pasture/.env, not in project files or memory notes. |
When Pasture asks before acting
| Action type | Safety behavior |
|---|---|
| GitHub write actions | Branch creation, comments, PR creation, and merges require confirmation before execution. |
| Google actions | Sending email and creating/deleting calendar events require confirmation. |
| Project missions | The project workflow previews setup or task plans and waits for explicit approval before applying them. |
| Agent delegation | Allowed linked agents can be invoked internally, with depth and per-turn caps to prevent loops. |
| Groups | Groups can use deny lists, and agent-send is disabled in group contexts. |
Operational boundaries
| Boundary | Meaning |
|---|---|
| No external message broker | Chats are not routed through a Pasture cloud relay. External services are only contacted when a configured skill/provider needs them. |
| No silent project mutation | Project setup and mission creation are preview-first workflows. A goal statement alone is not approval. |
| No raw internal IDs in normal replies | Skills like Home Assistant should answer with friendly device names, not expose entity IDs unless the user asks for technical detail. |
| No overbroad GitHub tokens | Use minimum necessary scopes and avoid admin/delete/workflow permissions unless explicitly needed. |
Practical safety habits
- Enable powerful skills only on agents that need them.
- Use group deny lists for shared chats.
- Keep credentials in the Pasture state directory, not in repo files.
- Prefer local LLMs for sensitive personal context when quality is acceptable.
- Review previews before approving GitHub, Google, or mission-writing actions.