Documentation
Reference
Security & trust
Credential encryption, guardrails, and the protections that never switch off.
Guardrails never switch off — at every autonomy level. To date there have been zero guardrail bypasses.
What stays protected
- Protected paths stay protected and protected branches stay protected.
- Force-pushes are never allowed.
- Integration credentials are encrypted at rest with AES-256-GCM.
- OAuth state tokens are signed with a dedicated HMAC key to prevent CSRF.