security

Agent autonomy without unlimited access.

Cloud coding agents can edit files, run commands, and consume model credits. CloudAgent is designed around isolation, explicit permissions, and auditability.

principles

Six rules we design against.

01

Least privilege by default

Agents start with the minimum access a task needs.

02

Review before merge

Output lands as diffs and PRs, not silent pushes to main.

03

No production secrets by default

Secrets are scoped per task and injected explicitly.

04

Every privileged action is auditable

Admin, payment, and credit actions leave a trail.

05

Spend controls are security controls

Budgets stop runaway agents as surely as sandboxes.

06

Task isolation beats shared mutable state

Branch and worktree isolation per task.

this website, today

Account & billing controls.

These controls are implemented in the account platform you're using right now.

ControlWhat it does
Invite-only accessOnly admins can create accounts. No public registration path exists.
Role-based accessUser and admin roles re-checked server-side on every request.
Credit limitsPrepaid balance, budgets, and an append-only ledger prevent runaway spend.
Audit logsAdmin, payment, and credit actions are recorded immutably.
Webhook verificationOnly cryptographically verified payment events can grant credits.
Signed usage eventsToken usage is accepted only from HMAC-signed internal requests.
Bot protectionTurnstile and rate limiting on waitlist and login.
Generic auth errorsLogin never reveals whether an email has an account.

cloud agent runtime controls

The runtime's guardrails.

These describe the separate cloud agent runtime being built for the beta — listed here as design commitments for that service, distinct from the website controls above.

  • Per-task sandbox
  • Git branch/worktree isolation
  • Scoped secrets
  • Command approval policies
  • Network egress policies
  • Credential redaction
  • PR-first output
  • Runtime audit logs

compliance posture

CloudAgent is in private beta. We do not claim SOC 2, HIPAA, or other formal compliance certifications yet. We are building with auditability, least privilege, and billing transparency from day one.

Security-sensitive team? We offer security review calls for selected pilots. Report vulnerabilities or ask questions: wu@learnwithpal.org

Talk to us about safe agent autonomy.

We are inviting developers and small teams who already use AI coding agents and want an always-on cloud environment for serious work.