security
Security and Privacy Boundaries
Public security principles for public/private separation, secret handling and safe AI tool exposure.
Public AI systems must not receive private authority by accident. AISYSTEMS separates public chat, public documentation, private operations, secrets and internal tools.
Public/private separation
The public browser should call only the public intake boundary. It should not call private AgentOS routes, A0 APIs, internal context graph, mailbox, calendar, approval resolution or Core files.
Secret handling
Secrets are not documentation. They should not appear in public docs, logs, prompts, model responses or exported evidence.
Safer exposure
Expose narrow read-only tools before write tools. Add write actions only after policy, allowlists, audit and human approval are defined.