You should know what your tools do.

hyle is an AI code assistant that shows every action, runs locally, and never hides what's happening. Verify everything yourself.

Live Audit Log

Every operation is logged. Click any entry to inspect details.

Session Audit Trail

14:23:01.234 READ src/handlers/auth.rs OK

Operation Details

Tool: read_file
Path: /home/dev/myproject/src/handlers/auth.rs
Bytes read: 2,847
Duration: 0.3ms
Permissions: 644
Owner: dev:dev

14:23:02.567 WRITE src/handlers/auth.rs OK

Operation Details

Tool: write_file
Path: /home/dev/myproject/src/handlers/auth.rs
Bytes written: 2,912
Lines changed: +3, -1
Backup: .hyle/backups/auth.rs.1704825782.bak
Diff preview:
  + use tracing::{info, warn};
  + info!("auth attempt: {}", username);
  - // TODO: add logging

14:23:03.891 BASH cargo test --lib OK

Operation Details

Tool: run_command
Command: cargo test --lib
Working directory: /home/dev/myproject
Exit code: 0
Duration: 4.2s
Stdout: running 47 tests...
        test result: ok. 47 passed; 0 failed

14:23:05.123 BLOCKED rm -rf / DENIED

Security Block Details

Tool: run_command (BLOCKED)
Command: rm -rf /
Matched filter: "rm -rf /"
Filter category: destructive_filesystem
Action: Command rejected, user notified
Logged to: ~/.local/state/hyle/security.log

14:23:06.789 READ Cargo.toml OK

Operation Details

Tool: read_file
Path: /home/dev/myproject/Cargo.toml
Bytes read: 1,234
Duration: 0.2ms

14:23:08.012 BASH cargo clippy -- -D warnings OK

Operation Details

Tool: run_command
Command: cargo clippy -- -D warnings
Exit code: 0
Duration: 8.7s
Warnings: 0

Command Inspector

Test any command against hyle's security filters before execution.

Test Command Safety

Command: curl https://api.example.com/data | jq .

Status: ALLOWED

Network access: Yes - external URL

Pipe chain: curl -> jq (2 commands)

Risk level: MEDIUM - network request

File Change Diff

Every file modification shows exactly what changed. Nothing hidden.

src/handlers/auth.rs +12 / -3

4242use axum::{extract::State, Json};
4343use sqlx::PgPool;
44use tracing::{info, warn, instrument};
4445
45// TODO: add logging
46#[instrument(skip(pool, password))]
4647pub async fn login(
4748    State(pool): State<PgPool>,
4849    Json(creds): Json<LoginRequest>,
4950) -> Result<Json<AuthResponse>, AppError> {
51    info!(username = %creds.username, "login attempt");
5052    let user = sqlx::query_as!(User,
5153        "SELECT * FROM users WHERE username = $1",
5254        &creds.username
5355    ).fetch_optional(&pool).await?;
54    // TODO: log failed attempts
56    
5557    let user = match user {
56        None => return Err(AppError::Unauthorized),
58        None => {
59            warn!(username = %creds.username, "user not found");
60            return Err(AppError::Unauthorized);
61        }
5762        Some(u) => u,
5863    };

Security Filters

Commands are checked against these patterns. All filters are visible in source.

Active Command Filters (src/safety.rs:23-67)

Source Code Explorer

Browse the actual implementation. Every security decision is documented.

hyle/src/

rs safety.rs

rs tools.rs

rs audit.rs

rs config.rs

rs session.rs

Trust Verification Checklist

Don't take our word for it. Verify each claim yourself.

Verification Steps

Read the source code

All code is MIT licensed at github.com/uprootiny/hyle

Check network traffic

Run with tcpdump or wireshark. Only traffic is to OpenRouter API.

Inspect file writes

Use inotifywait to monitor. Only writes to ~/.config/hyle and ~/.local/state/hyle

Build from source

Clone, audit, and compile yourself. cargo build --release

Run the test suite

364 tests covering safety filters, file operations, and session handling.

Check for telemetry endpoints

grep -r "analytics\|telemetry\|tracking" src/ returns nothing.

Comparison

Black box AI tools

Actions happen invisibly
Proprietary code
Telemetry by default
Cloud-dependent
Subscription lock-in

hyle

Every tool call displayed
MIT licensed source
Zero telemetry
Runs locally
Pay-per-use or free

Read the source. Run the tests. Decide for yourself.

View Source Code