Security boundary

Public preview outside. Private cockpit inside.

The live public site is static and informational. Workspace sessions, service credentials, action tokens, schedules, and artifacts belong in the private cockpit or infrastructure controlled by the user.

Boundary map

Keep the dangerous parts behind the right door.

WEB

Public site

Static pages, positioning, contact, and documentation. No workspace data required.

APP

Private workspace

Sessions, local database, source packs, provider keys, runs, approvals, and artifacts.

API

Controlled actions

GPT Actions, MCP tools, webhooks, and service APIs are available only after explicit access rules exist.