When you use a cloud-based AI agent, every file it reads, every command it runs, every credential it accesses passes through someone else's server. You are trusting a third party with your SSH keys, API tokens, browser cookies, and source code.
Foxl takes a different approach. The agent runs entirely on your machine. Your data never leaves your laptop unless you explicitly tell the agent to send it somewhere.
What "local-first" means in practice
- Conversations are stored in a SQLite database on your disk, not a cloud service
- Browser automation uses your actual Chrome profile - cookies, sessions, extensions included
- Terminal commands run in real shell sessions on your machine with your PATH and environment
- File operations read and write directly to your filesystem
- Memory is plain Markdown files in a workspace directory you control
The security model
Local execution does not mean uncontrolled execution. Every tool call goes through an approval gate. When the agent wants to run a shell command or write a file, you see exactly what it plans to do and approve or reject it.
You can set persistent rules: "Always allow git commands" or "Always allow reading files in ~/projects". The permission system is granular and stored in your local database.
But what about remote access?
The biggest objection to local-first is that you lose access when you are away from your desk. Foxl solves this with an E2E encrypted relay. Your desktop connects to app.foxl.ai through an encrypted tunnel. You can control your agent from any browser on any device.
The relay sees encrypted bytes, not your content. It handles routing and authentication, nothing else. If the relay goes down, your local agent keeps working - you just lose remote access temporarily.
Performance benefits
Local execution is also faster for tool-heavy workflows. There is no round-trip to a cloud server for each file read or terminal command. The agent reads your files at disk speed and executes commands with zero network latency.
For a typical multi-step task (read 10 files, run tests, edit code, commit), the tool overhead is milliseconds instead of seconds per operation. This adds up quickly when the agent makes dozens of tool calls in a single task.
