Security and trust model

Trust in an agent platform comes from visible boundaries: machines are explicitly authorized, generated changes can be previewed, shared memory requires governance, and fingerprints make generated artifacts inspectable.

Device authorization

login uses a browser-approved device flow. Remote shells can use --no-browser; the user still approves the displayed code from an authenticated browser session.

Terminal

$ nepopsx login --no-browser

Review before write

Use sync preview for filesystem changes and import dry-run for memory candidates. These modes separate inspection from mutation and are safe to put in code review or CI.

Terminal

$ nepopsx sync --preview

$ nepopsx import --dry-run

Govern shared memory

Imported and captured learnings enter the platform review workflow. Reviewers decide which observations are durable enough to become shared instructions.

Inspect generated artifacts

Generated files carry a fingerprint. Decode it when you need to identify the organization, plan, or generation context associated with an artifact.

Terminal

$ nepopsx decode <generated-file>

Enforce policy before tool use

Compiled agents can ship with a local Claude Code PreToolUse guard. It evaluates built-in safety rules and .nepopsx/policy.json without sending the tool payload over the network.

Explicit policy matches block the tool call
Normal edits continue without interruption
Guard errors fail open so policy machinery cannot crash a coding session

All documentation

Govern

Updated June 20, 2026

Security and trust model

Device authorization

login uses a browser-approved device flow. Remote shells can use --no-browser; the user still approves the displayed code from an authenticated browser session.

Terminal

$ nepopsx login --no-browser

Review before write

Use sync preview for filesystem changes and import dry-run for memory candidates. These modes separate inspection from mutation and are safe to put in code review or CI.

Terminal

$ nepopsx sync --preview

$ nepopsx import --dry-run

Govern shared memory

Imported and captured learnings enter the platform review workflow. Reviewers decide which observations are durable enough to become shared instructions.

Inspect generated artifacts

Generated files carry a fingerprint. Decode it when you need to identify the organization, plan, or generation context associated with an artifact.

Terminal

$ nepopsx decode <generated-file>

Enforce policy before tool use

Compiled agents can ship with a local Claude Code PreToolUse guard. It evaluates built-in safety rules and .nepopsx/policy.json without sending the tool payload over the network.

Explicit policy matches block the tool call
Normal edits continue without interruption
Guard errors fail open so policy machinery cannot crash a coding session