Security and data boundaries
Public security boundaries for connectors, files, workspaces, and Agent repositories.
Workspace isolation
Workspace-scoped data should not leak to unrelated workspace members. Template, Channel, file, task, and connector reads must preserve the workspace boundary.
Connector secrets
OAuth tokens, refresh tokens, token expiry internals, and manual provider tokens are backend secrets. Frontend code should receive stable provider detail shapes, not raw credentials.
Code Storage
CODE_STORAGE_API_KEY is backend-only. Resolver and service code should depend on the narrow Code Storage client boundary and must not log or send Code Storage credentials to the frontend, Operator, sandbox, or Agent runtime.
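The two boundaries above (connector secrets and Code Storage credentials) come down to the same rule: a backend record may hold tokens, but anything serialised for the frontend, Operator, sandbox or Agent runtime, or written to a log, must not. The following TypeScript is an added example, not the project's own code. It shows an allowlist mapper that turns a connector record into a stable provider detail shape, plus a key-name scan that fails closed if a credential-looking field is about to leave the backend. The record fields (accessToken, refreshToken, manualToken, expiresAt) and the ProviderDetail shape are assumptions.

```typescript
// Added example, not the project's own code: shaping a stored connector
// record into the frontend-safe "provider detail" and checking outbound
// payloads for backend-only secrets. The record field names and the
// ProviderDetail shape are assumptions.

// Constructed shape of what a backend connector record might hold.
export interface ConnectorRecord {
  id: string;
  workspaceId: string;
  provider: string;
  accountLabel: string;
  accessToken: string;
  refreshToken: string;
  expiresAt: number; // epoch ms; a token expiry internal, never sent as-is
  manualToken?: string;
}

// The stable shape the frontend receives: no credential fields, and expiry
// reduced to a flag so the raw timestamp stays on the backend.
export interface ProviderDetail {
  id: string;
  provider: string;
  accountLabel: string;
  connected: boolean;
  needsReauth: boolean;
}

// Explicit allowlist mapping: a field added to the record later does not
// flow out unless someone deliberately adds it here.
export function toProviderDetail(rec: ConnectorRecord, now: number = Date.now()): ProviderDetail {
  const hasCredential =
    rec.accessToken.length > 0 || (rec.manualToken !== undefined && rec.manualToken.length > 0);
  return {
    id: rec.id,
    provider: rec.provider,
    accountLabel: rec.accountLabel,
    connected: hasCredential,
    needsReauth: hasCredential && rec.expiresAt <= now && rec.refreshToken.length === 0,
  };
}

// Key names that identify backend-only secrets (OAuth tokens, manual
// provider tokens, CODE_STORAGE_API_KEY and similar).
const SECRET_KEY_PATTERN = /token|secret|api[_-]?key|password/i;

// Walks any value and returns the dotted paths of credential-looking keys.
// Run over a payload before it goes to the frontend, the Operator, a
// sandbox or the Agent runtime, and over objects about to be logged.
export function findSecretPaths(value: unknown, path: string = ""): string[] {
  const found: string[] = [];
  if (Array.isArray(value)) {
    for (let i = 0; i < value.length; i++) {
      found.push(...findSecretPaths(value[i], `${path}[${i}]`));
    }
  } else if (value !== null && typeof value === "object") {
    const obj = value as Record<string, unknown>;
    for (const k of Object.keys(obj)) {
      const p = path ? `${path}.${k}` : k;
      if (SECRET_KEY_PATTERN.test(k)) found.push(p);
      else found.push(...findSecretPaths(obj[k], p));
    }
  }
  return found;
}

// Fails closed: refuse to emit rather than serialise a credential.
export function assertNoSecrets(payload: unknown): void {
  const leaks = findSecretPaths(payload);
  if (leaks.length > 0) {
    throw new Error(`payload contains credential fields: ${leaks.join(", ")}`);
  }
}

// Constructed sample record (values are placeholders).
export const sampleRecord: ConnectorRecord = {
  id: "conn_1",
  workspaceId: "ws_1",
  provider: "github",
  accountLabel: "example-org",
  accessToken: "gho_EXAMPLE_TOKEN",
  refreshToken: "",
  expiresAt: 0,
};
```

The mapper is the primary control (the frontend type simply has no credential fields); the key scan is a second line of defence for resolvers that serialise arbitrary objects or log whole records, and it is deliberately a denylist on key names so it also catches env-style keys such as CODE_STORAGE_API_KEY.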
Git errors returned from Operator flows must redact credentials from argv-derived errors and Git stdout/stderr.
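Git surfaces credentials in more than one place: the remote URL in argv (userinfo before the @), the same URL echoed back in "fatal: unable to access" messages on stderr, and Authorization values passed through -c http.extraheader. The block below is an added TypeScript example, not the project's own code, showing a redaction pass applied to argv, stdout and stderr before an Operator-facing error is built, followed by a belt-and-braces check that none of the secrets the flow itself injected survive in the output. The GitFailure shape and the argv layout are assumptions; the token values are constructed placeholders.

```typescript
// Added example, not the project's own code: redacting credentials from
// Git argv and output before an error is returned from an Operator flow.
// The GitFailure shape is an assumption; sample values are constructed.

// Userinfo in scheme://user:secret@host (keeps user, hides secret) and the
// scheme://token@host form, where the whole userinfo is the secret.
const URL_USERINFO = /(\b[a-z][a-z0-9+.-]*:\/\/)([^\s/@:]+)(:[^\s/@]*)?@/gi;
// Authorization header values passed via -c http.extraheader or similar.
const AUTH_HEADER = /(authorization:\s*(?:basic|bearer)\s+)\S+/gi;

export const REDACTED = "<redacted>";

export function redactGitText(text: string): string {
  return text
    .replace(URL_USERINFO, (_m: string, scheme: string, user: string, pass: string | undefined) =>
      pass === undefined ? `${scheme}${REDACTED}@` : `${scheme}${user}:${REDACTED}@`)
    .replace(AUTH_HEADER, `$1${REDACTED}`);
}

// What the Operator is allowed to see about a failed Git invocation.
export interface GitFailure {
  message: string;
  command: string;
  stdout: string;
  stderr: string;
}

// Every field is built from redacted text; the raw argv never reaches the
// message, so an error thrown from argv cannot carry the URL's userinfo.
export function toGitFailure(argv: string[], exitCode: number, stdout: string, stderr: string): GitFailure {
  const command = redactGitText(argv.join(" "));
  return {
    message: `git command failed (exit ${exitCode}): ${command}`,
    command,
    stdout: redactGitText(stdout),
    stderr: redactGitText(stderr),
  };
}

// Belt and braces: the flow knows which secrets it injected, so it can
// verify none of them survived a format the regexes did not anticipate.
export function leaksKnownSecret(failure: GitFailure, secrets: string[]): boolean {
  const blob = [failure.message, failure.command, failure.stdout, failure.stderr].join("\n");
  return secrets.some((s) => s.length > 0 && blob.indexOf(s) !== -1);
}

// Constructed sample invocation and Git stderr (placeholder tokens).
export const sampleArgv = [
  "git",
  "-c",
  "http.extraheader=Authorization: Bearer tok_EXAMPLE",
  "push",
  "https://x-access-token:ghp_EXAMPLE@github.com/org/repo.git",
  "main",
];
export const sampleStderr =
  "fatal: unable to access 'https://x-access-token:ghp_EXAMPLE@github.com/org/repo.git/': " +
  "The requested URL returned error: 403";
```

Keeping the username while redacting the password preserves a useful diagnostic (which account was used) without the token; when only a single userinfo component is present it is treated as the secret, since GitHub-style tokens are often sent that way. The leaksKnownSecret check is the one that should gate the response: if it fires, return a generic failure rather than the partially redacted text.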
Files
Authenticated file routes and signed URLs should stay scoped to the intended workspace, session, or public share contract. Public access should be explicit, not inferred from a URL shape.
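One way to make the scope explicit rather than inferred from the URL is to bind it into the signature: the HMAC covers the file path, a typed scope claim (workspace, session, or public share) and an expiry, and verification compares the signed scope against what the requester is actually authorised for. The block below is an added TypeScript example, not the project's own code; the Scope variants, parameter names and the signing key are assumptions.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Added example, not the project's own code: signed file URLs whose
// signature binds the path to an explicit scope and an expiry, so access
// is decided by the signed claims, not by the shape of the URL. The Scope
// variants, parameter names and key handling are assumptions.

export type Scope =
  | { kind: "workspace"; workspaceId: string }
  | { kind: "session"; sessionId: string }
  | { kind: "public"; shareId: string };

export interface SignedUrl {
  path: string;
  scope: Scope;
  expiresAt: number; // epoch ms
  sig: string; // hex HMAC-SHA256
}

function scopeString(s: Scope): string {
  switch (s.kind) {
    case "workspace": return `workspace:${s.workspaceId}`;
    case "session": return `session:${s.sessionId}`;
    case "public": return `public:${s.shareId}`;
    default: throw new Error("unknown scope kind");
  }
}

// Canonical string: each claim is length-prefixed so a crafted path or id
// cannot shift bytes from one field into another.
function canonical(path: string, scope: Scope, expiresAt: number): string {
  return [path, scopeString(scope), String(expiresAt)].map((f) => `${f.length}:${f}`).join("|");
}

export function sign(key: Buffer, path: string, scope: Scope, ttlMs: number, now: number = Date.now()): SignedUrl {
  const expiresAt = now + ttlMs;
  const sig = createHmac("sha256", key).update(canonical(path, scope, expiresAt)).digest("hex");
  return { path, scope, expiresAt, sig };
}

export type VerifyResult = "ok" | "expired" | "bad-signature" | "scope-mismatch";

// `requester` is the scope the caller is actually authorised for (derived
// from their session, or from the share being resolved). A valid signature
// for another workspace is still rejected: the URL alone grants nothing.
export function verify(key: Buffer, url: SignedUrl, requester: Scope, now: number = Date.now()): VerifyResult {
  const expected = createHmac("sha256", key).update(canonical(url.path, url.scope, url.expiresAt)).digest();
  const given = Buffer.from(url.sig, "hex");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return "bad-signature";
  if (url.expiresAt <= now) return "expired";
  if (scopeString(url.scope) !== scopeString(requester)) return "scope-mismatch";
  return "ok";
}
```

Checking the signature first means tampered URLs are rejected before any claim inside them is trusted; the scope comparison after that is what keeps a workspace-scoped link from being replayed by a member of another workspace, and a public share is only honoured when the requester scope is itself the share, which is the explicit public-access decision the text asks for.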
Public surfaces
The public waitlist endpoint is unauthenticated but narrow. It stores beta invite requests and is not exposed through GraphQL.