Security & data
Automaintainer is built so the sensitive things stay on infrastructure you control. This page is the short, honest version of what's where.
Your provider keys never leave your worker
AM is BYOK. Provider keys are configured on your worker host and used only by the local harness. The panel never stores, reads, or transmits them.
Your code stays on your worker
Repositories are cloned to your worker for each run, in an isolated worktree. The panel stores run metadata (status, logs, diff stats, PR title/body) so you can review history — not your source tree.
GitHub access is scoped and masked
The GitHub token is used only to clone, push the run branch, and open/merge PRs. It's provided to runs per‑run and masked in all run/verify output — it is never printed in logs.
What AM can and cannot do
- Can: read the repo, make changes within the bounded focus, run your verify command, push a branch, open a PR, and (on Max+) merge after a green gate + review.
- Cannot: merge unverified work as ready (a red gate yields a draft); act outside the objective/playbook you set; or — in explore mode — touch blocked areas (public APIs, deletions, schema/auth/payment/secret/config).
Secrets at rest
Third-party secrets stored by the panel — GitHub tokens, SSH private keys, and
SSO client secret / SP key — are encrypted at rest with AES-256-GCM when the
operator sets a SECRETS_KEY. Values are decrypted only in memory when needed
(e.g. to clone a repo or complete an SSO exchange) and are never returned by the
API or printed in logs. Existing deployments encrypt new writes automatically
once the key is set, and a one-time admin encrypt-secrets backfills older rows.
Isolation
Each run uses a fresh worktree from a clean checkout, so runs can't corrupt each other and results are reproducible.