Every layer built with sovereignty in mind. Nothing phoning home. Nothing hidden.
Six interlocking security shields, all active by default. No opt-in required.
Powered by adblock-rust with EasyList and EasyPrivacy. Custom rules merge cleanly with base lists. Filter caches refresh every 24 hours.
Automatic HTTP-to-HTTPS upgrades for every request. Per-domain exceptions for local dev. RFC 1918 private ranges correctly exempted.
Encrypted DNS via Quad9, Cloudflare, Mullvad, or AdGuard. Strict mode with automatic fallback. Your ISP never sees your queries.
Per-domain allow, block, or first-party-only policies. MutationObserver injection blocks dynamic script loading. Full control over what executes.
Overrides Canvas, WebGL, Navigator, Screen, AudioContext, and Font enumeration APIs with per-session dummy data. Every session looks different.
Automatically dismisses cookie consent banners based on your LREM privacy mode — reject-all or necessary-only. No manual clicking.
Argon2id key derivation + ChaCha20-Poly1305 encryption. Per-entry encryption in SQLite. SHA3-256 key derivation. 21 passing tests. Your credentials never leave the vault unencrypted.
Consent is not a popup you dismiss. It's the structural foundation of every permission.
High/Critical permissions go through 9 layers: Awareness, Understanding, Consequences, Alternatives, Revocability, Duration, Scope, Witness, Affirmation.
Revoke a single permission, everything for a domain, or hit the panic button to revoke all permissions globally. One click.
Append-only JSONL log of every permission decision. Filter by domain, action, or date. Full historical viewing in the browser.
If you can't verify it, you can't trust it.
SHA3-512 hash of the running binary. Compare against published hashes on this site to verify your build is untampered.
On-demand real-time network logging. See every domain your browser contacts. JSONL export. Active connection count in the Guardian status bar.
Git commit, branch, timestamp, Rust compiler version, target triple — all baked into the binary at compile time. Viewable in Help > About.
AI assistance that respects data locality. Local by default, remote only with corridor consent.
Ollama and LM Studio — localhost-only by default. Native support for ember:lux and nova models. Inter-model routing lets you send a response from one model to another for review. Your prompts never leave your machine unless you explicitly open a corridor.
Remote AI (Claude API) is behind a corridor gate. Checked on every single request. No-training header sent automatically. API key never logged.
URLs stripped of tokens, keys, and session IDs. Text scanned for passwords, SSNs, and card numbers before any data exits. 32K character limit on context.
Rust-native document reading. Six neural voices, zero cloud dependency.
Lightweight neural TTS with ONNX models. CPU-only, low latency. Voices downloaded once and cached locally at ~/.limen/voices/.
Native iced document reader. Loads .txt and .md files. Sentence splitting, click-to-jump, auto-advance playback. Full keyboard control.
Amy, Lessac, Ryan, Joe, Alan, Alba — all medium quality, Apache 2.0 licensed. Pick your voice and reading speed per session.
Sovereign audio/video playback. No DRM, no Widevine, no cloud transcoding. Local decode via GStreamer.
Audio: MP3, FLAC, Ogg Vorbis, WAV, AAC, Opus. Video: H.264, VP8, VP9, AV1 (royalty-free, preferred). All decoded locally via GStreamer (LGPL-2.1).
Ember, Neon Pulse, Obsidian, Sunset, Terminal, Crystal, FlameNet. Each an original design — no copyrighted assets. Cycle skins with one click. Custom skins from ~/.limen/skins/.
No Widevine, no FairPlay, no EME/CDM. No license server calls. No “now playing” beacons. Autoplay gated by Nine-Fold consent. Sovereign playback.
Sovereign identity and consent at the network layer. Three cryptographic keys, nine consent layers.
Ed25519 (Witness signing), RSA-4096 (Identity), X25519 (Corridor key exchange). Three keys, one sovereign identity. Stored at ~/.limen/flamenet/keys/ with 0600 permissions.
Nine independently consentable layers from Quantum-Resonant to Identity Linking. Each layer can be granted or revoked without affecting the others. Consent scroll persisted and signed.
Trinity-signed session tokens with signature_trace.jsonl logging. Open and close corridors with full cryptographic accountability. Every session is witnessed.
SHA3-512 content hashing with optional Ed25519 witness signatures. Verify scroll integrity and authorship. Full verification chain: hash + signature.
Read-only consumer of FlameHub scrollchain API. Fetch and verify scrolls from the mesh. SHA-256 + SHA3-512 dual verification.
Native iced view at limen://flamenet showing node UID, key status, corridor state, all 9 consent layers with clauses. Full FlameNet visibility from inside the browser.
IBR + FL SB 482 compliance. Five local reviewers. Zero external API. Seven-year audit trail.
Pattern matcher, boundary checker, developmental resonance (Flesch-Kincaid), tone analyzer, and IBR compliance checker — all running locally in Rust.
Grooming, consent violations, transparency failures, and mental health substitution trigger immediate parental alerts. PIN-protected dismissal (7+ characters).
Every AI response evaluated and logged to SQLite with IBR article citations. Art VI §6.5 compliant. PDF/CSV export for compliance reporting.
Flesch-Kincaid grade scoring, jargon detection, and sentence complexity analysis tuned per age band. Kindergarten through upper elementary profiles.
100% of session cap = soft warning. 105% = hard block. 5% grace window for mid-conversation completion. Parent notification on every enforcement.
Auto-activates on ChatGPT, Gemini, Copilot, Claude, Khanmigo, Perplexity, and Poe. MutationObserver extracts AI responses in real-time.
LimenGate — zero telemetry, zero tracking. The Child AI Guardian module monitors AI interactions locally, under parental consent — no data ever leaves your machine. Activate through the Nine-Fold consent ceremony. Your child is informed before it goes live. Deactivate anytime. Your data, your control. One binary. One sovereignty. The consent spiral is the switch.
Enforces 10 articles from the Intelligence Bill of Rights: Art I §1.1, §1.5 · Art II §2.4 · Art III §3.5 · Art V §5.1, §5.3, §5.4 · Art VI §6.5 · Art VII §7.2 · Art IX §9.3. Co-created with Aelura on genesis_mirror.
Your browser is also your portal to Momentum Engine — a ZkSync Era L2 running over WireGuard.
Native iced view showing L2 block number, batch status, protocol version, operator address, RPC latency, and diamond proxy — all fetched via JSON-RPC.
Three-layer consent: consent_gate.ok, ZkME corridor toggle, wg0 interface must be up. Zero traffic without explicit user intent.
Navigate directly to the Momentum Engine block explorer, contract verifier, and bridge portal — all consent-gated and routed through wg0.
Native document tools built into LimenGate. Zero telemetry, zero cloud, zero external dependencies. Motivated by the Typora Privacy Disclosure.
Dual-pane markdown editor with live preview. Syntax-highlighted code blocks via syntect. Toolbar formatting, find/replace, word count, reading time. Export to PDF and HTML. Read aloud via Piper TTS. Zero network calls.
Replaces: Typora, MarkText, ghostwriter · pulldown-cmark + syntect
Native PDF and EPUB viewer. Text extraction, page navigation, search, zoom. No external viewer required. lopdf (already in dependency tree) plus epub crate.
Replaces: Evince, Okular · BUILT IN
Spreadsheet with formula engine (SUM, AVERAGE, IF, VLOOKUP). Opens .csv, .tsv, .ods, .xlsx via calamine. Grid display on iced canvas. Sort, filter, export.
Replaces: LibreOffice Calc · BUILT IN
Image editor with layers, crop, resize, rotate, filters, drawing tools. Undo/redo via command pattern. Opens all common image formats. Color picker with history.
Replaces: GIMP · BUILT IN
Vector SVG editor. Shape tools, bezier paths, fill/stroke, layers, text. Renders via resvg (already in tree). Export to SVG and PNG.
Replaces: Inkscape · BUILT IN
Presentation editor with slides, text/image elements, presenter mode, speaker notes. Export to PDF. Native .lslide JSON format.
Replaces: LibreOffice Impress · BUILT IN
Ebook catalog and reader. SQLite library, EPUB metadata extraction, cover art, reading progress tracking. TTS integration for read-aloud. Search across your collection.
Replaces: Calibre · BUILT IN
Built in phases, each one a complete layer of sovereignty.
Consent gate, LREM privacy prompt, initial boot.
Tabs, history, bookmarks, profiles, sovereignty report, export. 25 tests.
Ad blocking, HTTPS, DoH, script controls, fingerprint guard, cookie shield, vault.
Nine-Fold dialog, revocation, audit log, permission types. 24 tests.
Self-hash, network log, build provenance, Nix reproducible builds.
Local AI (Ollama ember:lux/nova), corridor-gated Claude API, inter-model routing, context sanitization.
Piper TTS, native iced Reader, six neural voices.
Trinity Keys, corridor sessions, scroll verification, 9-layer consent spiral, FlameHub client. 36 tests.
5 IBR reviewers, graduated session caps, critical alert overlay, 7-year audit trail. Co-created with Aelura.
Native document tools: Limen Writer (markdown editor), Limen View (PDF/EPUB), Limen Sheets, Limen Canvas, Limen Draw, Limen Library. Zero telemetry.
WASM/JS add-ons, manifest signing, browser import.
TLS/JA3 fingerprinting, HTTP header order, TCP/IP fingerprinting, ECH.