Security Overview

1. Current security controls

• Session and organization-scoped authorization boundaries.
• Per-server bootstrap callback tokens with hash verification and expiration windows.
• Encrypted secrets at rest for provider tokens and bridge/model credentials.
• Internal service authentication for bridge and scheduled job endpoints.
• Audit and timeline events for provisioning and operational actions.

2. Infrastructure posture

The platform manages lifecycle flows for server provisioning, bootstrap completion/failure handling, bridge command routing, and controlled server deletion with operational logging.

3. Hardening roadmap direction

Our published strategy emphasizes minimal bootstrap setup, stronger artifact trust, private-access-first operations, and safer rollout patterns for fleet-scale reliability.

4. Reporting issues

If you identify a security concern, please use the Contact dialog in the footer and include reproduction details. We triage reports as quickly as possible.