Security
MLNavigator is designed for environments where the default assumption is that networks are hostile and audits are real. Offline operation reduces exposure, but it does not remove risk.
Threat Model
We treat supply chain integrity, insider risk, and local perimeter hardening as primary attack surfaces. Offline constraints shift the problem from network defense to local controls, review discipline, and device posture.
Reviewable Records
Operational records and change history are intended to support later review, discrepancy detection, and controlled follow-up.
No Third-Party Tracking
The website avoids third-party analytics. The runtime is designed without telemetry that reports to external services.
Updates and Change Control
Updates are intended to be explicit, verified, and reviewable. Offline environments need controlled distribution rather than background downloads.
Operational Safeguards
Pre-use checks, controlled updates, and retained records are intended to help teams detect unexpected changes before deployment.
The review workflow page summarizes review workflows and a deployment-oriented threat model.