LocalEndpoint
Metadata-onlyNo public command dispatch Browser-local validationNo upload intake Private runtime stays localNo localhost probing Invited distributionChecksum-backed artifacts

Phase 2.46 / v1.5.65

Security

Security starts with a hard public-site boundary: no local probing, no credentials, no telemetry, no command dispatch, and no hidden runtime activation.

Read privacy boundary Quality gates

Trust architecture

The safest public control plane is not a control plane.

LocalEndpoint.com is intentionally limited to metadata, docs, examples, schemas, and browser-local validation. Private authority stays local.

01 / Network No localhost probing

The public site does not scan, fetch, socket-check, or discover private services.

02 / Upload No upload intake

Manifest validation runs in the browser tab without sending private endpoint payloads to the website.

03 / Telemetry No telemetry collection

LocalEndpoint.com does not collect runtime traces, private logs, endpoint state, or device inventory.

04 / Secrets No credential requests

Tokens, passwords, private keys, and raw local endpoint files are outside the public-site workflow.

05 / Commands No command dispatch

No page click launches desktop work, installer actions, runtime execution, or autonomous control.

06 / Claims No runtime certification claim

Security boundaries are documented and tested, but runtime safety certification is not claimed.

Security contract No localhost probing No upload intake No credential requests No command dispatch

Firewall relay

Every risky request is routed to the smallest safe surface.

The public website does not become more powerful when a visitor has questions. It routes public learning to docs, safe checks to the browser, approval to Desktop, and runtime requests to denial.

Public Explain the contract

Docs, schemas, route indexes, examples, and quality gates are safe to read without device access.

Browser Validate without upload

Manifest checks stay in the tab and can produce redacted receipts for review.

Desktop Approve only on device

Private endpoint decisions move to a human-visible local companion when the person chooses.

Denied Refuse public runtime

Probing, credentials, uploads, telemetry, command dispatch, and certification claims stay blocked.

Firewall rule Explain publicly Validate locally Approve on device Deny runtime control

Security boundary matrix

What can happen here is smaller than what the product can become.

The public site can explain, publish contracts, validate local files in the browser, and link to evidence. It cannot operate a visitor's machine.

Allowed here Serve public metadata

Docs, examples, schemas, route indexes, discovery files, and quality gates are safe public artifacts.

Allowed here Validate in the browser

Manifest checks run in the tab and can export redacted receipts without sending payloads to the site.

Local only Approve endpoint access

Future Desktop approval belongs on the user's device, with visible consent and reviewable receipts.

Denied here Probe localhost

No scan, fetch, socket check, service discovery, or private-network access is performed by the public site.

Denied here Request secrets

No credentials, tokens, private logs, or raw endpoint files are requested as part of the public experience.

Denied here Dispatch commands

No browser click on LocalEndpoint.com launches desktop work, runtime execution, installer actions, or autonomous control.

Inspect

Read explicit routes

Every supported route is registered instead of generated by broad fallback behavior.

Validate

Use local-only tools

The browser validator redacts and hashes without network APIs or upload channels.

Evidence

Export receipts

Share redacted evidence packets and hashes instead of private runtime data.

Operating boundary

Public clarity, local authority.

This public site is static metadata and does not dispatch desktop commands, probe localhost, upload files, collect telemetry, request credentials, or claim runtime safety certification.