maekon — local session

Local work signals, reviewed action paths.

Maekon is an Apache-2.0 local-first desktop agent that can be used independently without ONESHIM. It organizes local work signals into suggested next actions and can route approved actions through approval rules, sandboxing, and audit logs.

  • raw frames stay local before explicit sync
  • execution requires approval rules and sandboxing
  • audit logs track approved actions
Verified install preview

v0.0.1-rc.6 install command requires signature verification. Copy it here, then review the full command and checksum notes in the install section.

View full install command

macOS · Windows · Linux

01 / What Maekon does

On-device work signals, under your control.

MAEKON(1)CAPABILITIES
context(1)

Local work-signal capture

Active windows, idle state, and screen activity stay on your machine. Edge processing extracts only what matters.

suggestions(1)

Suggested next actions

A priority inbox surfaces local candidates for what may deserve attention next. Execution is a separate opt-in path gated by approval, policy checks, and audit logs.

edge(1)

Edge intelligence

Screen capture, delta encoding, OCR, and PII filtering run on-device so raw frames stay local before explicit sync.

privacy(1)

Automation with approval rules

Approved actions run through automation rules, sandbox profiles, and local audit logs before execution.

02 / Transparency spec

What leaves your device, stated as a spec.

Raw screen framesStay local before explicit sync — capture, delta encoding, OCR, and PII filtering all run on device.
Local work signalsActive windows, idle state, and screen activity stay on your device.
Action pathsExecution is a separate opt-in path wired to approval, policy checks, and a local audit log.
Source codeApache-2.0 open source — audit the full source on GitHub.

See the privacy document and security policy for the detailed processing flow and trust boundary.

03 / Organization review path

Review the organization boundary before installing.

Maekon remains an independent open-source desktop agent. Teams that need security review, deployment planning, and an operating responsibility boundary can review ONESHIM as a separate optional edge input and control channel.

Security review points are separated around local defaults, explicit sync, approval rules, audit logs, and the operating responsibility boundary.

  • Deployment path: review personal-device install separately from an on-premise PoC rollout
  • Security review: confirm when raw frames, local signals, and approved actions may leave the device
  • Operating responsibility: separate desktop usage responsibility from organization-scoped ONESHIM operation
Review ONESHIM
maekon.toml[oneshim] · OPT-IN
# deployment

On-premise deployment

Move from local review to an organization-scoped ONESHIM PoC only when deployment boundaries are explicit.

# governance

Admin and audit controls

ONESHIM adds permissions, review inboxes, audit logs, and role-specific reporting flows for enterprise operation.

# separation

Separate scope agreement

This path is separate from the Apache-2.0 desktop product and requires an operating responsibility boundary plus explicit PoC scope agreement.

04 / Verified install path

Get Maekon running on your device.

macOS / Linux
curl -fsSL -o /tmp/maekon-install.sh https://raw.githubusercontent.com/pseudotop/maekon-client/v0.0.1-rc.6/scripts/install.sh
MAEKON_VERSION=v0.0.1-rc.6 bash /tmp/maekon-install.sh --require-signature
Windows (PowerShell)
$tmp = Join-Path $env:TEMP "maekon-install.ps1"
Invoke-WebRequest -UseBasicParsing -Uri "https://raw.githubusercontent.com/pseudotop/maekon-client/v0.0.1-rc.6/scripts/install.ps1" -OutFile $tmp
powershell -ExecutionPolicy Bypass -File $tmp -Version v0.0.1-rc.6 -RequireSignature
  • The installer uses --require-signature to verify the release signature.
  • Release assets include SHA-256 checksums for download integrity checks.
  • Review source and permissions before enabling network or automation access.