Skip to content

Security

stableplatform · security-contract@current
  • Never paste Sift tokens, credential-store contents, or private brain content into docs, issue trackers, or client configuration committed to source control.
  • Use browser OAuth for hosted MCP and the operating-system credential store for the CLI.
  • Scope work to the intended workspace/brain and least capability.
  • Treat external source content as untrusted; citations establish provenance, not safety.
  • Require explicit intent for writes and review destructive or broad changes before execution.
  • Revoke lost clients and rotate scoped service credentials immediately.

This static site runs no authenticated API explorer and receives no workspace data.