Security Overview

Security overview

The public security model behind the registry, publisher reviews, and research.

Back to Docs & Trust Incident Response

Security Model

Hosting & isolation

Cloudflare-native deployment

Pages and Workers with isolated bindings.

Access control

Centralized authentication

Sign-in, MFA, teams, and API keys.

Scan and research operations

Registry plus Touchstone

Scores, findings, and research stay linked.

Evidence generation

Readable diligence material

Methodology, disclosure, status, and support docs.

Control areas

Current security posture

Access control: teams, MFA, and scoped API keys.
Change discipline: versioned source tied to live surfaces.
Evidence continuity: scores, findings, and research stay connected.
Research depth: Touchstone adds advisory context.

Boundaries

What this page does not claim

This describes current controls, not a guarantee.
Supporting docs do not confer formal certification.
Publisher setup and third-party behavior still affect risk.