LocalEndpoint
Metadata-onlyNo public command dispatch Browser-local validationNo upload intake Private runtime stays localNo localhost probing Invited distributionChecksum-backed artifacts

Phase 2.46 / v1.5.65

Privacy and Local Boundaries

LocalEndpoint is designed around local privacy boundaries: no upload intake, no telemetry collection, no credential collection, and no localhost probing from this website.

Security boundary Evidence artifacts

Local privacy boundary

Privacy is an architecture boundary, not a checkbox.

The public site is designed to be useful without collecting private endpoint payloads, credentials, telemetry, local network details, raw logs, or device state.

Not collected Private endpoint payloads

Manifest review and examples teach shape without asking for raw local files.

Not collected Credentials or tokens

No public workflow asks for passwords, keys, tokens, or secret-bearing logs.

Not touched Localhost and device state

The site does not scan ports, inspect processes, query services, or fetch private network resources.

Local only Desktop approvals

Permission belongs on the user's machine, with visible review and receipts.

Local only Browser validation

The workbench uses local browser APIs and avoids fetch, beacon, WebSocket, EventSource, and upload paths.

Shareable Redacted evidence

Receipts and hashes can be shared after private fields are removed.

Privacy membrane

The website can illuminate the path without touching the machine.

LocalEndpoint splits the connection story into zones so visitors can learn, validate, approve, and share evidence without turning the public website into a data intake surface.

Public web Explain and publish contracts

Docs, schemas, examples, route indexes, and quality signals stay safe to read in public.

Browser tab Validate without upload

Sample manifests and user-provided files can be checked locally before any local endpoint review.

Local desktop Approve on the device

Runtime authority belongs to a visible local companion, not to a remote page or hidden script.

Evidence lane Share redacted proof

Receipts, hashes, and summaries can cross the boundary after private fields are removed.

Blocked at the public edge No uploads No network probing No credentials No command dispatch
Privacy contract No upload intake No telemetry collection No credential requests No localhost probing
Browser

Validation stays in the tab

The workbench uses local browser APIs and avoids fetch, beacon, WebSocket, EventSource, and form upload paths.

Open validator
Desktop

Authority belongs on the device

Approvals, receipts, and future handoff flows belong in the local companion, not in public web controls.

Desktop boundary
Share

Evidence can be redacted

People can share receipts and hashes without exposing raw endpoint files or secrets.

Evidence docs

Operating boundary

Public clarity, local authority.

This public site is static metadata and does not dispatch desktop commands, probe localhost, upload files, collect telemetry, request credentials, or claim runtime safety certification.