Open the desktop app
Start the local engine from the app. PubKeySpace keeps generated reports and config under app support storage.
Workflow
Run it on one machine first.
Choose repo folders
Select the workspaces where Git repository checks should run. Home identity surfaces are still inspected from your user profile.
Review findings
Use the dashboard to inspect findings, remediation guidance, inventory, accepted risk, and local policy state.
Export if needed
Keep everything local by default. Export reports only when you intentionally want to share posture with a team workflow.
CLI path
The command line stays available.
pubkeyspace scan --config pubkeyspace.toml --workspace .
pubkeyspace remediation --report reports/current.json
pubkeyspace serve --config pubkeyspace.toml --workspace .Use `scan` for local reports and `serve` for the local API/dashboard.
Use `remediation` to see concrete next actions for findings.
Reports include metadata and public fingerprints, not private keys or token values.
Cadence
Manual or daily checks are enough for most solo use.
Default
Run manually after key changes, repo onboarding, laptop setup, or before sharing a security posture report.
Routine hygiene
A daily local check is reasonable if you use PubKeySpace as part of ongoing developer security hygiene.