Dev mode boundary
Zero's current release runs in dev mode — local execution, local CLI transports, localhost API. This page explains what that means, what it gates, and how to stay within the safe boundary.
Overview
Dev mode is not a flag you set. It describes the current architecture: Zero executes sessions by invoking a local provider CLI, reads output locally, and exposes its API only on localhost. No customer data leaves the machine through Zero.
What is dev mode?
In dev mode, three things are true:
- Local CLI transport — Zero invokes the provider CLI (e.g., `claude`) on the same machine. The CLI must be installed and authenticated. Zero does not call any external API directly.
- Local filesystem — Memory files, session logs, proof attachments, and the case database are all stored on disk. Nothing is uploaded to a remote server by Zero itself.
- Localhost API — The Zero HTTP API is bound to `127.0.0.1` only. Remote access requires an explicit tunnel (e.g., ngrok) — not recommended for production use.
Safety rules
Because dev mode involves local CLI execution with real credentials, follow these rules:
| Rule | Why |
|---|---|
| Do not expose the Zero API port to the public internet | The API has no auth in dev mode — any caller on the network can read and write Work items |
| Do not store production secrets in memory files | Memory files are plain Markdown on disk — they are not encrypted at rest |
| Do not use `gh` write scope unless you intend to post comments | Progress and proof comments post to live GitHub issues — this is visible to your team |
| Review session plans before approval | The provider executes code changes after approval. The operator is the last gate before execution. |
| Do not run Zero against production repositories as a first test | Use a test repo to validate the session model, approval flow, and proof collection before real Work |
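
To check the first rule on a Linux host, the sketch below parses `ss -ltnH` output and reports any listener on the API port that is not bound to loopback. It is an added example, not part of Zero; the port `8080` is a placeholder assumption (this page does not state the port) and the sample lines are constructed.

```python
import ipaddress
import subprocess

ZERO_API_PORT = 8080  # assumption: placeholder, the page does not state the port

def is_loopback(host):
    """True only for 127.0.0.0/8, ::1, and IPv4-mapped loopback."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # "*" wildcard or unparseable: treat as exposed
    mapped = getattr(addr, "ipv4_mapped", None)  # e.g. ::ffff:127.0.0.1
    return (mapped or addr).is_loopback

def exposed_listeners(ss_output, port):
    """Return the local addresses on `port` that are not loopback-only."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, local_port = fields[3].rpartition(":")
        host = host.split("%")[0].strip("[]")  # drop %iface scope and IPv6 brackets
        if local_port == str(port) and not is_loopback(host):
            exposed.append(fields[3])
    return exposed

# Constructed sample lines in `ss -ltnH` format, not captured from a real host.
SAMPLE_SAFE = """\
LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 4096 [::1]:8080 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""
SAMPLE_EXPOSED = """\
LISTEN 0 4096 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 4096 *:8080 *:*
LISTEN 0 4096 [::]:8080 [::]:*
"""

if __name__ == "__main__":
    out = subprocess.run(["ss", "-ltnH"], capture_output=True,
                         text=True, check=True).stdout
    bad = exposed_listeners(out, ZERO_API_PORT)
    for addr in bad:
        print(f"EXPOSED: port {ZERO_API_PORT} listening on {addr}")
    raise SystemExit(1 if bad else 0)
```

This only inspects local listening sockets. A tunnel such as ngrok forwards traffic over an outbound connection and will not appear as a non-loopback listener, so it has to be checked separately.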
Auth boundaries
In dev mode, auth is credential-local — not managed by Zero:
- GitHub: the `gh` CLI uses its own stored credentials (via `gh auth login`). Zero never sees your GitHub token — it delegates all GitHub calls to the `gh` binary.
- Provider (Claude, etc.): the provider CLI uses its own stored API key or session. Zero sends a structured prompt and reads stdout — it does not manage or store the key.
- Zero API: no token required in dev mode. Future API transport will require an API key issued by Zero.
Path to production
When API transport ships, the dev mode boundary dissolves for providers: Zero calls provider APIs directly, no local CLI required. The session model, proof model, and Work model stay the same — only the transport changes.
For source integrations (GitHub, Jira, Linear), the same shift applies: local CLI calls become API calls authenticated with a scoped token Zero manages. Operators grant scopes explicitly at setup time.
Until then: dev mode is the available path. It is stable, safe within the rules above, and sufficient for early access use.