Security first

AI-native systems need explicit trust boundaries.

MarkOS treats access, secrets, environments, private transport, workload identity, and policy checks as platform concerns from the beginning.

Scoped access

Declare what an app can use

Surfaces receive only the capabilities and agents they declare. Reviews can focus on real boundaries instead of hidden imports.

Secrets

Environment- and host-scoped

Secrets are encrypted, separated by environment, and materialized only where the platform needs them.

Network

Private service paths

Tailscale connects local and hosted machines so capabilities can be reached securely without exposing every service to the public internet.

Policy

Checks before runtime

Registry freshness, contract alignment, lifecycle, routes, capability use, and agent declarations are checked before changes ship.

Workload identity

Bounded machine actors

Surfaces, workers, workflows, agents, and gateways need explicit identity so calls can be authorized by principal, environment, and operation.

Provenance

Source-backed state

AI outputs should point back to source records where possible. Evidence, derived facts, memory, and agent reasoning are different records with different trust levels.

Security posture

Useful AI with bounded authority.

The practical goal is strong defaults, minimal ambient privilege, clear declarations, traceable actions, and fast feedback when a system drifts from its contract. That discipline matters most when agents can call tools, read context, send mail, update records, and act across applications.