Security

Actions never run without explicit human approval. This is not optional—it's the core architecture. The copilot proposes; humans decide.

Every proposed action enters a review queue. You approve, reject, or modify before anything executes. The copilot waits for your decision.

Every event is recorded in an immutable, append-only ledger with timestamps and checksums. Complete history for compliance audits. Export anytime.

Telemetry is limited to operational metadata: event counts, response times, and error rates. No source code, file contents, or proprietary data is ever transmitted.

API keys and credentials are managed via server-side environment variables only. The Lens client never stores, caches, or transmits secrets. Vault-ready for enterprise.

All payment processing is handled by Stripe. We never see, store, or process credit card numbers. Stripe is PCI DSS Level 1 certified.

Configure which external endpoints the copilot can reach. Egress control on roadmap.

Enterprise SSO via SAML/OIDC. Central identity management with Azure AD, Okta, and other providers.