Appearance
Security
This section covers the platform's security model: how a user's identity is established, how authorization is enforced, what capability tokens look like, where secrets live, and what is audit-logged.
- Authentication — Google OIDC, sessions, Host-link bearer tokens.
- Authorization — present-state principal-ownership model, target capability model.
- Capability tokens — bus tokens, heartbeat tokens, NATS user JWTs.
- Secrets — what the platform persists, what stays on the Device.
- Audit logs — what is recorded today, what is target.
Source:
projects/matrix-3/packages/system-auth/andprojects/matrix-3/packages/system-gateway-http/are the implementation.WORKSTREAMS/product-launch/CONSTRAINTS.mdC7-C8, C14, C16 set the security baseline.