Security summary

Control stays explicit across auth, routing, policy, filtering, and audit.

Universal AI Bridge is positioned around governed execution, not just tool transport. The current platform already separates auth lanes, keeps session routing explicit, and preserves machine-readable trust-control outcomes.

Current security pillars

This summary is derived from the implemented bridge behavior and the current secure workspace shell.

Auth

Separate auth lanes

Human account bootstrap, API-key automation, and runtime auth stay separate instead of collapsing into one bearer mode.

Routing

Explicit session routing

Execution always targets one specific sessionId. The bridge never falls back to whichever runtime happens to be active.

Policy

Policy before trust

Capability decisions, data-scope decisions, and redaction remain machine-readable before results are treated as safe to return.

Audit

Audit as product

Auth, validation, rate-limit, routing, execution, denial, and redaction outcomes stay visible in the workspace audit surface.

Execution

Fail-closed high-risk paths

High-risk Satellite execute capabilities remain gated by bridge-side presets and runtime-side allowlists.

Isolation

Per-workspace rate limits

Redis-backed rate limiting protects one workspace from another workspace's noisy automation.

High-risk execution stays fail-closed

The current bounded Satellite execute paths already publish explicit preset semantics instead of hiding high-risk execution behind generic marketing copy.

High-risk command execution

Fail-closed until allowed

Bridge policy must allow this capability before dispatch, and runtime-side command allowlisting remains a second required gate.

High-risk file apply

Fail-closed until allowed

Bridge policy must allow this capability before dispatch, and runtime-side base-directory allowlisting remains a second required gate.

High-risk package script execution

Fail-closed until allowed

Bridge policy must allow this capability before dispatch, while runtime-side package-script allowlisting and base-directory allowlisting remain required gates.

High-risk host action execution

Fail-closed until allowed

Bridge policy must allow structured Satellite host actions before dispatch, while runtime-side action allowlisting remains a second required gate.
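As an added illustration of the two-gate, fail-closed pattern the four cards above describe (example code written for this summary, not the bridge's or Satellite's own implementation), the Python below models a bridge-side preset as gate one and a capability-specific runtime allowlist as gate two, records a machine-readable outcome for the audit surface, and denies whenever a capability is unknown or has no runtime gate registered. Capability names, preset contents, allowlists and paths are constructed assumptions.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath
import shlex


@dataclass(frozen=True)
class Decision:
    allowed: bool
    gate: str    # gate that produced the outcome: "bridge-policy" or "runtime-allowlist"
    reason: str  # machine-readable reason, kept for the audit record


AUDIT: list = []  # stand-in for the workspace audit surface (assumption)

# Constructed sample data; none of these are the product's real identifiers.
BRIDGE_PRESET = {"satellite.command.execute", "satellite.file.apply"}
RUNTIME_COMMAND_ALLOWLIST = {"git", "npm"}
RUNTIME_BASE_DIRS = [PurePosixPath("/srv/workspace/app")]


def _under_allowed_base(path: str) -> bool:
    """Reject relative paths and any '..' segment, then require an allowed base as ancestor."""
    p = PurePosixPath(path)
    if not p.is_absolute() or ".." in p.parts:
        return False
    # Ancestor check on path components, so "/srv/workspace/app2" does not match "/srv/workspace/app".
    return any(p == base or base in p.parents for base in RUNTIME_BASE_DIRS)


def decide(capability: str, argument: str, bridge_preset=BRIDGE_PRESET) -> Decision:
    """Both gates must allow; an unknown capability or a missing runtime gate denies."""
    if capability not in bridge_preset:                      # gate 1: bridge policy
        d = Decision(False, "bridge-policy", "capability not in workspace preset")
    elif capability == "satellite.command.execute":          # gate 2: command allowlist
        argv = shlex.split(argument)
        ok = bool(argv) and argv[0] in RUNTIME_COMMAND_ALLOWLIST
        d = Decision(ok, "runtime-allowlist", "command allowed" if ok else "command not allowlisted")
    elif capability == "satellite.file.apply":               # gate 2: base-directory allowlist
        ok = _under_allowed_base(argument)
        d = Decision(ok, "runtime-allowlist", "path under allowed base" if ok else "path outside allowed base")
    else:                                                    # no runtime gate defined: fail closed
        d = Decision(False, "runtime-allowlist", "no runtime gate registered for capability")
    AUDIT.append({"capability": capability, "allowed": d.allowed, "gate": d.gate, "reason": d.reason})
    return d
```

Note that passing gate one is never enough on its own: a capability the preset allows but for which no runtime gate exists is still denied, and the audit record names which gate decided.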

Next step

Move from public overview to a real evaluation path.

Use the docs when you want the current technical contract, or use the enterprise branch when you want a conversation about deployment fit and rollout posture.