docs
Security
Authentication, credential handling, content safety, and auditability, as implemented.
Last updated 2026-07-10
Identity and sessions
Sign-in is Google, GitHub, or magic link via Supabase. Web sessions are signed, HTTP-only cookies. Profile rows are protected by row level security.
Credentials
- API keys are scoped, shown once, stored only as a sha256 hash, and revocable.
- Agent connects use a browser-approved grant; the key is delivered exactly once and never written to a config file.
- The remote MCP connector uses OAuth 2.1 with PKCE and dynamic client registration; tokens are short-lived.
- Platform OAuth tokens for publishing are hashed at rest.
- No credential lives in repository configuration; environment variables and gitignored env files only.
Content safety
Input policy runs before any model call: political content hard-blocked in every geography, likeness consent-gated, with an obfuscation-resistant matcher. Output passes provenance signing, watermarking, and a conservative scan; failing assets are quarantined, never returned. Full posture on the trust center.
Auditability
Generations, blocks, quarantines, failovers, and publishes are written to a hash chained audit log whose chain is verifiable and tested under concurrent writers.
Reporting
Report suspected vulnerabilities through the beta channel you joined with. Please do not test against other users' data.