Artifacts and credentials, treated like they matter.
The current code is designed for private artifact handling, protected access material, and disclosed AI boundaries. Production verification remains a launch gate.
Private artifact storage
Build APKs and review artifacts are stored in authenticated buckets. No public URLs or CDN exposure.
Pixel-redacted credentials
Test credentials are encrypted at rest and kept out of logs and screenshots through capture-time redaction.
Workspace-aware API access
Automation access checks the key owner and current workspace membership before an app or review can be read or changed.
AI processing disclosure
AI processing services and data boundaries are documented so teams can review how report synthesis works.
Commitments
What we promise.
Build artifacts are stored privately in authenticated cloud storage.
Authentication credentials are encrypted at rest and excluded or pixel-redacted before AI model calls.
API access enforces owner/workspace membership with audit-friendly logging.
AI usage is disclosed, with fail-closed redaction at each external processing boundary.
Findings are grounded to runtime evidence.
Verification history is preserved per finding for compliance and calibration.