Security Foundation

A more capable companion only matters if the platform underneath it is trustworthy.

That is why the AI Companion work has been moving alongside a broader security and infrastructure hardening pass across the live platform. The companion is not being built in isolation. It is being built on top of a safer default environment.

Recent platform work already live in production includes:

  • tamper-resistant audit records for sensitive actions

  • stronger, unified authentication across the platform

  • access tokens kept only in browser memory, not written to disk

  • secrets stored hashed at rest

  • platform-wide rate limits to reduce abuse

  • stricter isolation between previews and embedded widgets

  • closure of older exposed or weak API paths

  • stronger security awareness inside the code generation model itself

The point of this work is simple: autonomy without trust is not a product worth shipping.

The model layer behind code generation has also been updated to recognize and warn against a growing list of common security pitfalls.

That includes issues such as:

  • cross-site scripting

  • unsafe signature handling

  • cross-origin access mistakes

  • insecure token contract permissions

  • unsafe automation patterns

  • other known review blockers

The result should be fewer bad suggestions, fewer avoidable review failures, and output that is safer by default.
