Security

Security starts with an honest boundary.

MarketingOS runs inside an agent runtime controlled by its operator. OpenCLAW and Hermes are not a hard security boundary against code using the same operating system identity. The Direct Profile is therefore limited to reading and local drafts. Live credentials and external writes open only through a separated Secure Profile.

BOUNDARY

The host runtime is inside the trust zone

An agent with shell access and the same user identity can generally reach that user's files and processes. A plugin or skill is therefore not isolated by default. MarketingOS does not claim a boundary that the operating system does not enforce.

DIRECT

The Direct Profile may read and draft locally

The current alpha path runs locally, calculates risk on the server and binds an approval to a context revision and payload hash. External writes remain closed. This profile is for crawls, analysis, evidence and local drafts, not production credentials.

SECURE

Live work requires a separated Secure Profile

Production credentials require a dedicated execution identity. Agent, policy service, secret broker and connector worker are separated. The agent receives neither a durable secret nor general write access. This profile is a release gate and is not generally available today.

GRANT

Permission applies to one concrete action

The target design uses signed, short-lived, single-use capability grants. They bind tenant, workspace, connector, operation, target, payload digest, risk, approver, expiry and nonce. Changed content or a different audience must fail technically. Complete enforcement remains an open release gate.

SECRETS

Secrets do not belong in prompts or workspaces

In the Secure Profile, only the connector worker resolves a secret reference. An allowlist limits network destinations. Host keys, TLS, redirects and private address ranges are checked per connector. The current alpha does not yet satisfy this complete contract and should not receive live secrets.

RECEIPT

A receipt proves execution, not business impact

MarketingOS currently stores actions, approvals, receipts and audit locally. Published test runs prove externalWrites 0. External signing and an independent time anchor for receipts are still release gates.

NETWORK

Private network access needs TLS and a narrow rule

A mobile Control Surface should be reachable only through HTTPS, a specific firewall rule and a short-lived browser session. Public internet exposure, shared master tokens and unencrypted HTTP are outside the intended operating model.

NO PROMISE

What this architecture does not claim

It cannot make a compromised computer trustworthy and does not replace patching, backups, endpoint protection or the access controls of connected platforms. It reduces the reach and reuse of a mistake. Claiming zero risk would be false.

Continue

See what the evidence supports

The Trust Center separates technical evidence, synthetic showcases and open release gates.

Open the Trust Center