Skip to content

FAQ

Short, honest answers to the questions newcomers ask most. Every capability claim below carries a status badge; the single source of truth for status is the Roadmap & status table. For the safety model behind these answers see How GaugeWright protects your work, and for the words used here see the glossary.

The one truth to read first

GaugeWright orchestrates locally, but inference is remote. The workbench runs on your machine; the agent's reasoning is performed by the third-party LLM provider you configure, so your prompts and the in-scope context are sent to that provider over the network. There is no local-only inference today. Available See Where your data goes.

Data, providers & trust

Does my data stay on my machine?

Your project, resources, and the append-only history are stored locally. Available

Sharing with another party — federation — is opt-in, but it is not operationally available end-to-end today: it is implemented and exercised only in a loopback + NAT-isolated CI harness, not as a shippable cross-machine path. Built

But the agent's reasoning runs at the third-party LLM provider you configure — so your prompts and the in-scope context are sent to that provider over the network. There is no local-only inference today. Available See Where your data goes.

Which LLM providers can I use?

You configure your own provider (e.g. OpenAI, Anthropic, Azure OpenAI) and sign in to / supply credentials for it. Available

With your own credentials, the LLM relationship is yours — the provider is your subprocessor, not GaugeWright's. Its retention and training terms are the provider's. If your data may not leave for a third-party model, use a provider you have contracted, or wait for confidential inference (removing the provider from the trust boundary), which is on the roadmap. Planned

Who can see my plaintext?

Stated plainly:

  • You can, on your own machine. Available
  • The LLM provider you configure can — prompts and in-scope context are sent to it for inference. Available
  • A relay cannot. A relay is the transport role in federation — it queues, retries, and forwards encrypted bridge messages between machines, but is never a payload authority and gains no payload access from carrying a handle. When you collaborate across machines, the relay routes only encrypted bytes and never reads payload (this is a machine-checked invariant, INV-14, not a policy promise). Cross-machine federation itself is Built (CI harness only), so this protection holds by construction but is not yet a shippable end-to-end path.
  • GaugeWright (the company) cannot: there is no hosted service holding your data today. (Cross-machine federation is not operationally available; see below.) Available

See the full data-flow treatment in How GaugeWright protects your work.

Pricing

What's free, and what's paid?

The free/paid line is who relies on our infrastructure to broker trust or hold a secret, not seats or features:

Use Price
Local, single-party workbench (build · run · review) Free Available
Self-federation (your own machines/device set, no third party relying on us) Free Built (CI harness only; not available end-to-end today)
Relayed multi-party work (a relay brokers a crossing between separate parties) Commercially metered Planned
Attested sealed runs (confidential VM, metered compute floor) Commercially metered Planned

Self-federation vs. relayed multi-party

Self-federation moves work between machines you control — your own device set, with no third party relying on GaugeWright to broker trust, so it is free. Relayed multi-party work is when a relay carries a crossing between separate parties (e.g. a consultant and a client on different authorities); that is where third parties rely on our infrastructure, so it is a commercially metered capability (see Deployment modes). Note that even self-federation is currently exercised only in a loopback + NAT-isolated CI harness — it is Built, not operationally available.

The paid model is a take-rate marketplace: experts set their own engagement price (absorb it or pass it through) and GaugeWright is the payment intermediary that takes a cut. An attested run also carries a metered compute floor (cost + margin) that is always billed to someone — the expert absorbs it by default — so an attested run is never free.

Billing is policy layered over the system's safety machinery; it is never run or access authority — paying for something does not by itself grant the right to deploy or run it. The payment rail itself is not built yet, so the paid tiers are Planned. See the roadmap.

Today

Only the local single-party workbench is shippable and free. Self-federation is Built (CI harness only). The relayed, attested, and hosted paid tiers are Built and Planned across different pieces — none is operationally live yet.

Deploying agents

Can I deploy an agent to a client today?

Not operationally yet. Cross-party packaging and deployment are implemented and tested in the core, but live deployment to a remote client is not yet wired up. Built live Planned

What you can do today:

  1. Build an archetype on the local workbench and refine it in an edit chat. Available
  2. Run and review it locally — each run works in an isolated sandbox and returns a diff you keep or discard. Available

What is Built but not yet operationally available to end-users:

  • Collaborate across machines with another party via federation (certificate-pinned TLS, a relay that routes only encrypted bytes). This is implemented and exercised only in a loopback + NAT-isolated CI harness — it is not a shippable cross-machine path today. Built

See Package & deploy and Deployment modes for the full picture, and the roadmap for what goes live next.

Can a deployed agent leak my method, or escape its sandbox?

The protections are structural — built into how runs work, not a setting you can misconfigure:

  • A run can only do what it was admitted to do — no ambient power to read, call, retain, reveal, or export beyond the work it was handed. Available
  • A running agent cannot rewrite its own method: the agent definition is editable only from an edit chat, never a work chat, enforced by an OS sandbox at the kernel — so even a shell inside a run can't change it. Available (Linux/macOS)
  • On Windows, the kernel method-isolation sandbox is not built yet. Planned

These are paired with adversarial tests that fail if the protection is removed. See How GaugeWright protects your work.

Certs, signing & source

Why are the downloads unsigned?

Code-signing and notarization are being set up. Until then, use the OS override:

Right-click the app → Open.

At the SmartScreen prompt, choose More info → Run anyway.

Mark the .AppImage executable, or install the .deb.

All releases are on GitHub. Code-signing is a known gap. Planned

Is GaugeWright SOC 2 / ISO 27001 certified?

Not yet. SOC 2 Type II, a DPA with a published subprocessor list, and an independent penetration test are committed and prioritized but not yet available. Planned

Distinguish two kinds of assurance:

  • Structural guarantees — the confidentiality and isolation invariants are stated formally and machine-checked in the codebase today (e.g. a relay cannot read payload; a handle is not access). Available
  • Policy / operational assurance — third-party audits, attestations, and a published compliance posture. Planned

See the architecture & security documentation for the invariant→control crosswalk and an honest compliance posture.

Where's the source?

On GitHub. The authoritative specification and the formal models live there, and this documentation lives alongside the code.

Where to go next