Security And Permissions
Security architecture combines workspace roles, session or token auth, artifact visibility, channel bindings, bot identity, and tool activation.
Architecture Role
- Check authority at the route and workspace boundary.
- Keep bot and tool access aligned with workspace roles.
- Do not expose sensitive values in docs, examples, prompts, or screenshots.
Review Questions
- What workspace, artifact, API, runtime, or operations behavior does this area affect?
- What user-visible route or developer-facing API proves the behavior?
- What event, artifact, blob, link, or operation should a reviewer inspect afterward?
Media To Add
- Diagram: actor to workspace role to artifact visibility to bot/tool access. It helps admins reason about permissions. Source: access model.