security

Security and Privacy Boundaries

Public security principles for public/private separation, secret handling and safe AI tool exposure.

boundary security-reviewer evaluate

Public AI systems must not receive private authority by accident. AISYSTEMS separates public chat, public documentation, private operations, secrets and internal tools.

Public/private separation

The public browser should call only the public intake boundary. It should not call private AgentOS routes, A0 APIs, internal context graph, mailbox, calendar, approval resolution or Core files.

Secret handling

Secrets are not documentation. They should not appear in public docs, logs, prompts, model responses or exported evidence.

Safer exposure

Expose narrow read-only tools before write tools. Add write actions only after policy, allowlists, audit and human approval are defined.