NullContext：本地优先的LLM安全推理运行时环境

NullContext is a local-first secure inference runtime for llama.cpp, focusing on audit visibility, artifact tracking, and explicit lifecycle control. It empowers users with full control over storage, retention, deletion, and residual risks of local LLM sessions, addressing key gaps in transparency and security of existing local inference tools.

Local LLM deployment offers privacy, cost, and offline benefits, but lacks transparency on critical issues: where conversation history is stored, memory retention, temporary file cleanup, residual risks of model weights/cache, and access to intermediate products. These gaps are critical for sensitive data scenarios (enterprise, medical, personal privacy), leading to the creation of NullContext.

NullContext follows the principle "explicit over implicit, visible over hidden". Built with Rust (for memory safety and performance), its tech stack includes llama.cpp (inference engine), Axum (web framework), React (frontend), GGUF models, and CUDA acceleration (Windows). Modular layers: core runtime (model loading/inference), security control (access/data isolation), audit tracking (event logging), artifact management (persistent products), user interface (browser-based monitoring).

• Audit Visibility: Logs full lifecycle events (session start/end, inference requests, resource operations) in structured format for compliance.
• Artifact Tracking: Assigns unique IDs to artifacts (model weights, KV cache, dialog history, logs) and tracks their lifecycle (creation to destruction).
• Explicit Lifecycle Control: Users declare session policies (temp vs persistent, memory-only vs disk cache, cleanup level, retention period) which are enforced throughout the session.

• Local-First Model: All sensitive data stays local; no network needed, giving users full data sovereignty (no cloud provider risks).
• Residual Risk Management: Mitigates risks via memory zeroing (sensitive buffers post-use), secure file deletion (overwrite instead of delete), swap isolation (lock sensitive data in memory), and log desensitization (auto-detect sensitive patterns).

Feature	Standard llama.cpp	General API Wrappers	NullContext
Audit Logs	None	Possible	Full structured
Artifact Tracking	None	None	Full lifecycle
Lifecycle Control	Implicit	Partial	Explicit declaration
Residual Risk Management	None	None	Multi-layer mitigation
Browser Interface	None	Possible	Built-in
Local-First Design	Yes	Not necessarily	Core principle

Use Cases:

• Enterprise: Handle sensitive data (commercial secrets, customer info) with audit logs for compliance and artifact tracking for leak investigations.
• Research: Precise experiment configuration/reproduction and full history logging.
• Personal: Protect private data (diaries, medical records) from accidental leaks/residuals.

Future Plans: Hardware security module integration (TPM/TEE), federated learning support, model signature verification, differential privacy in audit logs.

NullContext redefines local LLM security by focusing on audit visibility, artifact tracking, and explicit lifecycle control. It's not just adding features but rethinking local inference design to meet modern security needs. For users prioritizing data security in local LLM use, NullContext is a key solution to gain full control over their data and inference processes.