Application controls
The design uses strict server-side workspace authorisation, Argon2id password hashing, hashed tokens, secure cookies, origin checks, rate limits, Zod validation, security headers, audit logging, secret redaction, field encryption, verified Stripe webhooks, and least-privilege agent tools.
Files and generated code
File uploads are disabled in this hosted demonstration because permanent private storage is not configured. The application does not fall back to public or ephemeral storage. Generated code must run in a separate disposable sandbox with no host mounts and network disabled unless a human approves a specific destination.
AI and prompt injection
User text, documents, websites, emails, imported agents, and tool output are untrusted. Delimited content cannot change platform instructions, grant tools, read secrets, alter approvals, trigger billing, send, publish, or delete.
Production readiness
An independent threat model, penetration test, dependency and SBOM review, managed rate limiting, secret manager, sandbox escape review, restore drill, incident exercise, and monitoring validation are required before commercial use.
Reporting
The final production security contact and coordinated disclosure process must be staffed before launch. Do not send customer data, passwords, tokens, or active exploit details through an unverified channel.