LocalEndpoint
Metadata-onlyNo public command dispatch Browser-local validationNo upload intake Private runtime stays localNo localhost probing Invited distributionChecksum-backed artifacts

Phase 2.46 / v1.5.65

Technical Boundary

The technical boundary defines what the public website can serve and what it must never execute.

Know what LocalEndpoint does Validate an Endpoint Manifest

Technical boundary

The public website is intentionally non-operational.

LocalEndpoint.com can explain, publish, validate, and export public-safe artifacts. It cannot operate the local endpoint, dispatch desktop commands, fetch localhost, or become a hidden control plane.

Public site Serves public metadata

Pages, schemas, examples, route indexes, discovery files, and readiness packets are safe to inspect.

Browser tab Validation stays local

The validator can check JSON shape and export receipts without upload intake or network dispatch.

Desktop Runtime authority belongs on the device

Future approvals, revocation, receipts, and local handoff decisions belong in the companion app.

Denied No hidden runtime bridge

No localhost fetch, credential request, telemetry collection, desktop command dispatch, or generic runtime fallback.

Authority switchboard

Authority changes lanes where people can see it.

The public site explains and validates contracts, the browser builds local receipts, the desktop app owns approval, and private runtime stays closed unless a person grants it on-device.

  1. 01Publish routes

    Explicit pages, schemas, examples, and route indexes are safe to inspect.

  2. 02Validate shape

    Browser checks can prove document structure without upload intake or probing.

  3. 03Export receipt

    Evidence leaves as portable review artifacts, not private endpoint access.

  4. 04Ask desktop

    Human approval belongs in the local companion app before runtime authority exists.

  5. 05Block shortcuts

    Localhost fetches, credentials, telemetry, command dispatch, and generic fallback stay denied.

Switchboard rule Public can explain Browser can validate Desktop decides Runtime stays private
Boundary contract Explicit route table No generic runtime fallback No localhost fetch No desktop command dispatch
Architecture

Quality is inspectable

Architecture status, route governance, and dead-code reports are public machine-readable evidence.

Architecture
Browser

Validator remains local

The browser validator avoids network APIs and treats receipts as local review artifacts.

Validator

Operating boundary

Public clarity, local authority.

This public site is static metadata and does not dispatch desktop commands, probe localhost, upload files, collect telemetry, request credentials, or claim runtime safety certification.