Security and Limits

Local model

AIM Loadout runs locally. It does not require a cloud account and does not send your inventory to external servers.

The transport between machines is your Git repository. AIM reads and writes inventory files and performs Git operations for publishing and syncing.

What goes into Git

Git stores:

  • skills/*.md;
  • mcp/*.yaml;
  • aim.yaml;
  • .gitignore;
  • any future public inventory files, if they are added to the format.

What must not go into Git

Local data is stored in aim.local.yaml and must be excluded via .gitignore.

This may include:

  • paths to AI environments on the specific machine;
  • published_hash;
  • synced_hash;
  • MCP server environment variable values.

In the current MVP, MCP env values are stored in aim.local.yaml as plain text. This is safe only under one condition: the file must not be committed to Git.
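
One way to check that condition before publishing, as an added example that is not part of AIM Loadout: a shell function that verifies aim.local.yaml is matched by an ignore rule, is not tracked, and never appeared in any commit. It assumes the file sits at the repository root next to aim.yaml; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: audit an inventory repo for exposure of aim.local.yaml.
# Assumption: aim.local.yaml sits at the repository root next to aim.yaml.
# Usage: audit_local_file /path/to/inventory-repo

LOCAL_FILE="aim.local.yaml"

# Prints one line per finding; returns 0 only when there are no findings.
audit_local_file() {
    repo="${1:-.}"
    findings=0

    if ! git -C "$repo" rev-parse --git-dir >/dev/null 2>&1; then
        echo "ERROR: $repo is not a Git repository"
        return 2
    fi

    # --no-index evaluates the ignore rules even if the file is already tracked.
    if ! git -C "$repo" check-ignore -q --no-index -- "$LOCAL_FILE"; then
        echo "FAIL: $LOCAL_FILE is not matched by any ignore rule"
        findings=$((findings + 1))
    fi

    # An ignore rule does not untrack a file that was added earlier.
    if git -C "$repo" ls-files --error-unmatch -- "$LOCAL_FILE" >/dev/null 2>&1; then
        echo "FAIL: $LOCAL_FILE is tracked in the index"
        findings=$((findings + 1))
    fi

    # Any commit that touched the file still carries the plain-text values.
    if [ -n "$(git -C "$repo" rev-list --all --max-count=1 -- "$LOCAL_FILE" 2>/dev/null)" ]; then
        echo "FAIL: $LOCAL_FILE appears in commit history; rotate the MCP env values it held"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ] && echo "OK: $LOCAL_FILE is ignored, untracked and absent from history"
    [ "$findings" -eq 0 ]
}
```

A history finding persists after the file is untracked, so values that were ever committed should be treated as exposed.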

What AIM writes to AI environments

AIM may:

  • create or update skill files in AI environment directories;
  • add or update an MCP server entry in an AI environment's configuration file;
  • create required directories if they do not exist.

Before a bulk apply, use dry-run first:

```bash
aiman apply --dry-run
aiman sync --dry-run
```

Current MVP limitations

  • Supported environments: Claude Code, Cursor, and Codex CLI.
  • MCP supports the stdio launch model.
  • MCP secrets are not stored in a system keychain.
  • The primary remote/branch is origin/main.
  • AIM does not perform automatic Git conflict resolution.
  • Named loadout subsets are deferred to post-core MVP.
  • aiman list is not considered a full public command until a complete inventory view is implemented.

If something goes wrong

Start with:

```bash
aiman status
aiman doctor
```

For issues on first run, see Troubleshooting.

Released under the Apache 2.0 License.