The public site cannot probe localhost, collect files, dispatch commands, or request credentials.
Security boundaryPhase 2.46 / v1.5.65
Quickstart
Move from first visit to a reviewable local endpoint manifest in a few clear steps.
First local session
From curiosity to a reviewable endpoint in minutes.
The quickstart keeps every step visible: learn the boundary, inspect an example, validate a manifest, then decide whether Desktop belongs in your local workflow.
- 1Read overview
- 2Open validator
- 3Generate receipt
- 4Review Desktop path
Guided first session
A clean path from public knowledge to local confidence.
Every action in this flow produces understanding before it asks for trust: read the boundary, run the browser-only sample, inspect the receipt, then decide whether the desktop companion belongs on your machine.
Open the safe example in the browser validator and watch the manifest checks run in the tab.
Open validatorUse redacted receipt data to share readiness without exposing secrets or local runtime state.
Evidence docsIf the workflow fits, move to Desktop for visible review, local approval, and future handoff.
Desktop pathFirst-run flightcheck
A safe first session has four visible signals.
Before Desktop enters the story, the quickstart should prove the boundary in public: a known sample, local validation, a readable receipt, and a clear stop before runtime authority.
Start with example data so no private endpoint details are needed for the first review.
Schema and boundary checks run in the tab without upload intake or localhost probing.
The result is a redacted artifact that shows what passed and what remains unclaimed.
Desktop is considered only after the person understands the public proof and wants local review.
Flightcheck rule
Use public sample
Validate in browser
Export receipt
Stop before runtime
First-session cockpit
Try the system without giving the website a machine.
The first session is designed to be useful before it is powerful: no private endpoint, no secret, no localhost probe, no command dispatch. You should leave with a receipt and a clearer decision.
Start from a known-good public example instead of private device data.
Choose exampleRun schema checks in the tab and keep the public server out of the payload.
Validate sampleExport a review artifact that says what passed and what it does not prove.
Receipt modelInstall or skip Desktop after the boundary makes sense, not before.
Download path
Denied during first session
Private uploads
Localhost scans
Desktop commands
Credential prompts
Safe first run
A dry run that earns the next click.
Use the public sample to learn the contract before installing anything: the browser checks schema shape, evidence language, and denied behavior while your machine stays unaddressable.
- 01Pick the public sample
Start with known example data instead of private endpoint details.
- 02Run browser checks
Validate in the tab with no upload, machine probe, or website command channel.
- 03Read the receipt
Confirm what passed, what failed, and what the receipt does not claim.
- 04Choose the local path
Move to Desktop only when visible local review adds value.
First-run proof
Invited-user handoff
Leave with a redacted artifact you can discuss with someone you know before anyone touches a private endpoint.
Start dry run
Website channel remains closed
No localhost probe
No private file read
No command dispatch
No credential prompt
Validate the safe sample
The browser validator opens with a valid example and generates a receipt locally.
Open validatorMap your own endpoint
Use schemas to define allowed operations, denied operations, input limits, output shape, and evidence policy.
View schemasOperating boundary
Public clarity, local authority.
This public site is static metadata and does not dispatch desktop commands, probe localhost, upload files, collect telemetry, request credentials, or claim runtime safety certification.