Incoming endpoint proposals are review objects first, not commands.
Phase 2.46 / v1.5.65
LocalEndpoint Desktop
LocalEndpoint Desktop is the local companion surface for approvals, receipts, and future endpoint connection workflows.
Local control plane
Desktop is where permission becomes visible.
The website can explain and validate. The desktop companion is the local surface for approvals, receipts, inbox review, and future endpoint handoff without turning the public website into a control channel.
Human approval
Local receipts
Request review
Disabled public execution
Desktop permission cockpit
A local companion for decisions people can inspect.
Desktop is designed to turn endpoint requests into visible review moments: what is being requested, what stays denied, what evidence is produced, and what the person approved on their own machine.
Allowed operations, denied operations, input shape, and evidence rules stay visible.
Consent belongs in Desktop, with no public-site runtime trigger.
Receipts can be exported without exposing secrets or private runtime data.
PUBLIC SITEExplain and validate
DESKTOPReview and approve
LOCAL RUNTIMEStays private
Connection handoff rail
Local endpoint connection should feel like a handoff you can audit.
Desktop turns the path from public metadata to private action into visible checkpoints: describe the request, validate the shape, review the object, approve locally, and keep a redacted receipt.
- 01Describe intent
The public site names endpoint purpose, limits, and evidence expectations before local work begins.
- 02Validate shape
Browser-local checks prove structure without uploading private endpoint payloads.
- 03Review object
Desktop receives a human-readable request, not an invisible command.
- 04Approve locally
The person on the device decides whether the endpoint workflow may continue.
- 05Keep receipt
Redacted evidence records the decision without exposing secrets or runtime data.
Connection boundary
Public describes
Browser validates
Desktop reviews
Local runtime stays private
Local approval membrane
Requests cross into Desktop as review objects, not remote commands.
The companion should make consent visible: show the request, expose denied behavior, require a person to approve locally, and export a receipt that explains what happened.
- 01Describe request
Show endpoint intent, operation scope, and evidence policy before action.
- 02Deny unsafe paths
Block hidden dispatch, unknown operations, credentials, and raw private data.
- 03Approve locally
Make the human decision on the machine that owns the endpoint.
- 04Record receipt
Keep a redacted artifact that can be reviewed after the moment passes.
Desktop approval contract
Request visible
Unsafe paths denied
Human local consent
Receipt exported
Use the checksum-backed ZIP and local review flow while installer channels mature.
LocalEndpoint.com cannot launch desktop actions, execute runtime work, or probe a user's machine.
Decisions should leave artifacts people can inspect, compare, export, and discuss.
Understand the request
Human-readable prompts explain what a local endpoint wants to expose before action is considered.
Keep authority local
Approval happens on the user side, not through a public website button or hidden remote trigger.
Export review evidence
Receipts and evidence packets make the decision inspectable after the moment has passed.
Operating boundary
Public clarity, local authority.
This public site is static metadata and does not dispatch desktop commands, probe localhost, upload files, collect telemetry, request credentials, or claim runtime safety certification.