Scoped access
Declare what an app can use
Surfaces receive only the capabilities and agents they declare. Reviews can focus on real boundaries instead of hidden imports.
Security first
MarkOS treats access, secrets, environments, private transport, workload identity, and policy checks as platform concerns from the beginning.
Scoped access
Surfaces receive only the capabilities and agents they declare. Reviews can focus on real boundaries instead of hidden imports.
Secrets
Secrets are encrypted, separated by environment, and materialized only where the platform needs them.
Network
Tailscale connects local and hosted machines so capabilities can be reached securely without exposing every service to the public internet.
Policy
Registry freshness, contract alignment, lifecycle, routes, capability use, and agent declarations are checked before changes ship.
Workload identity
Surfaces, workers, workflows, agents, and gateways need explicit identity so calls can be authorized by principal, environment, and operation.
Provenance
AI outputs should point back to source records where possible. Evidence, derived facts, memory, and agent reasoning are different records with different trust levels.
Security posture
The practical goal is strong defaults, minimal ambient privilege, clear declarations, traceable actions, and fast feedback when a system drifts from its contract. That discipline matters most when agents can call tools, read context, send mail, update records, and act across applications.