Security & privacy

Trust starts before repo access.

The public launch posture is simple: no secrets through public forms, no production access by default, no hidden training promise, and written agreements before private code work.

Data boundary

Do not submit private code, credentials, regulated data, or secrets through public email or forms before written terms are in place.

Scope boundary

Work orders should define owned paths, blocked paths, approval gates, retention expectations, and safe-stop behavior.

Proof boundary

Proof bundles should redact sensitive material where needed and show what changed, what failed, and what remains for human review.

Privacy promise

Customer repo data should never become marketing copy.

Testimonials, screenshots, proof excerpts, and case studies should be published only with explicit permission.

Default safe posture

  • Least-privilege repo access
  • No public address displayed
  • Secrets excluded from prompts and logs
  • Short retention where possible
  • Human review before merge
  • Written terms before private work

Local fabric security

Private network first, public exposure last.

Northern Nodes is designed around private LAN or private overlay connections, signed worker enrollment, heartbeat checks, no public model ports, no secrets in logs or proof bundles, and explicit worker lanes.

Fabric guardrails

  • Signed join profiles for trusted nodes
  • Owned and blocked file boundaries
  • Diff-before-apply requirement
  • Egress allowlists for connectors
  • Workers never self-approve or self-merge