ELIPS is embedded. It does not open a network socket, does not spawn a background service, and does not phone home. Data lives in the database directory you pass on open.

Data residency

Every record — vector, payload, document text, chunk coordinates, lineage — is stored locally in the database directory. No data is sent off-host by the runtime. The built-in local text embedder runs in-process and reads only the artifact under text_embedder/.

Process model

One writer per database directory, enforced by an exclusive advisory lock on LOCK. Shared locks allow multiple read-only handles. Locks are RAII-bound to the handle; crashing the process releases the lock through the OS.

Durability and integrity

The WAL frames each record with CRC32C and recovery truncates at the first invalid record. Checkpoints rename atomically into place. Open-while-being-corrupted scenarios are bounded by the on-disk identity in IDENTITY.

Operational considerations

The database directory should be treated as sensitive material — back it up the way you back up the rest of your application state.
File permissions are inherited from the process; ELIPS does not chmod on its own.
The verify CLI command replays the WAL and validates segments, useful in CI.
External Python callable embedders run with full process privileges; vet them like any other dependency.