Security and privacy

Local-first trust, stated plainly.

FactionOS starts on the developer machine and treats external transfer as explicit.

The public website is static. No hosted account is required for the core local workflow. Optional services are described as separate boundaries rather than hidden defaults.

Trust manifesto

Useful security copy starts with the boundary.

FactionOS is designed around local visibility for AI-assisted development work. The default path keeps hook events, mission context, and cockpit state on the machine running the local product.

That default does not turn sensitive development data into low-risk data. Prompts, file paths, terminal output, credentials, replay state, demo payloads, and user-provided code remain sensitive and need explicit boundaries before any transfer.

Default

Local first, not hosted first

Core review and cockpit workflows are described as local product behavior. Hosted accounts, SSO, organization membership, and public collaboration safety are not claimed.

Exit

Transfers are named

War Room, outbound adapters, provider calls, demo, and docs links are treated as optional or separate surfaces with clear user action.

Telemetry

No silent analytics

The public website has no analytics by default. Future Umami work must be opt-in, scrubbed, documented, and blocked from sensitive payload classes.

Proof

No borrowed assurance

Local validation, static builds, and no-network smoke evidence are not presented as certification, production-hosted validation, or full trusted erasure.

Boundary: Local-first is a default operating posture, not a formal security certification or a promise that every future surface is proven.

Data lifecycle

From local signal to optional exit.

The route separates default local product behavior from optional transfer surfaces and cleanup limits.

  1. Hook event

    Work starts as local development signals.

    Claude Code hooks, Codex CLI hooks, or compatible producers can emit bounded workflow events for the local product. Compatible producers can use the generic event API shape.

    Default: The public website never receives hook payloads. Product hook data starts in the user's local development context.
    Boundary: Prompts, transcripts, command bodies, credentials, and broad local paths are not valid public website payloads.
  2. Local ingest

    The local server normalizes reviewable state.

    A local ingest path can turn events into bounded mission, timeline, diagnostic, and review records for the local cockpit.

    Default: The baseline does not require Supabase, hosted persistence, public replay, or a cloud account.
    Boundary: External provider transfer remains disabled unless explicitly configured and separately allowed.
  3. Cockpit display

    Operators review state in a local browser surface.

    The cockpit can display missions, lanes, status, replay, settings, and diagnostics while staying distinct from this public website.

    Default: Browser preferences and replay state are local browser state, not public website collection.
    Boundary: Static website examples must not be read as live telemetry or connected workspace state.
  4. Optional transfer

    External exits are deliberate surfaces.

    War Room collaboration is optional and separate from the local baseline. Discord, Telegram, and generic HTTPS adapters are optional outbound paths. Provider analysis, the public demo, and public docs are separate from the default local path.

    Default: A configured external surface is required before transfer can happen, and sensitive categories stay blocked or redacted.
    Boundary: Optional transfer is not hosted identity, production auditability, public collaboration safety, or default analytics.
  5. Cleanup limits

    Cleanup exists by boundary, not as one trusted erasure claim.

    Browser reset, local file deletion, Worker room cleanup, backup pruning, and archive removal are different authority boundaries.

    Default: FactionOS keeps full trusted unified erasure as a no-claim until every boundary has evidence.
    Boundary: Manual cleanup and scoped deletion are not presented as one proven end-to-end erasure workflow.

What stays local

Sensitive classes are named before they are handled.

Each class distinguishes public website behavior from product runtime behavior and blocked transfer rules.

Prompts

Mission prompts and summaries can describe sensitive work intent.

Website: The public website does not collect or request prompts.
Product: Prompt text stays local by default and is minimized before optional provider transfer.
Blocked: Raw prompt bodies are blocked from public docs, diagnostics, logs, exports, and analytics.

File paths

Paths, cwd values, repo names, and transcript paths can expose local structure.

Website: The public website cannot inspect local filesystem paths.
Product: Local product surfaces redact broad paths before broad exposure.
Blocked: Full local paths are blocked from website analytics, hosted diagnostics, and public examples.

Terminal output

Command output can contain secrets, paths, hostnames, or source snippets.

Website: The public website does not run commands or collect terminal output.
Product: Terminal output is not a default hook payload category and must stay bounded when summarized.
Blocked: Raw terminal scrollback is blocked from analytics, public docs, and optional federation frames.

Local event snapshots

Timeline, diagnostic, and mission snapshots can reveal workflow context.

Website: Static pages do not fetch local events, open WebSockets, or personalize content.
Product: Snapshots remain local runtime state unless a user configures an outbound surface.
Blocked: Diagnostics must use compact status labels, counts, timestamps, and safe family names.

Credentials

Tokens, API keys, auth headers, and credential-bearing URLs are high-risk payloads.

Website: The public website has no login, hosted form, auth flow, or credential collection path.
Product: Credential-like values are redacted from local logs, diagnostics, exports, and adapter payloads.
Blocked: Secrets, bearer values, account ids, and credential URLs are blocked at every external boundary.

Replay data

Replay state and share fragments can carry local mission history.

Website: This website does not accept replay uploads or public replay state.
Product: Replay state is local browser state unless the user explicitly exports or shares it.
Blocked: Replay buffers are blocked from Worker catch-up, hosted diagnostics, and analytics payloads.

Demo payloads

The zero-install demo is synthetic and separate from real local sessions.

Website: This website links to the separate demo and does not embed a live demo payload.
Product: Demo content must stay clearly synthetic and separate from local runtime state.
Blocked: Real prompts, paths, scans, exports, logs, and media drafts are not demo payload material.

User-provided code

Code snippets and file contents can include proprietary logic or personal data.

Website: The public website has no upload, form, CMS, or code submission path.
Product: Codebase analysis requires local user action, and optional provider transfer remains two-level opt-in.
Blocked: File contents and user-provided code are blocked from analytics, public examples, and default adapters.

Optional boundaries

Every external surface gets a label.

Optional War Room, outbound adapters, future hosted services, demo, and docs are separate from default local behavior.

Collaboration

Optional War Room

Label: optional transfer, named

War Room collaboration is optional and separate from the local baseline. Federation is a separate Cloudflare Worker surface for room lifecycle, presence, bounded catch-up, and allowlisted redacted events when configured.

Controls

  • User-configured Worker URL before use.
  • Schema-validated frame families only.
  • Authority tokens stay browser-held request credentials.

No claim

  • Hosted account identity
  • SSO or organization membership
  • Public collaboration safety
  • Full trusted erasure
Notifications

Outbound adapters

Label: optional transfer, named

Discord, Telegram, and generic HTTPS adapters are optional outbound paths. Provider-style outputs are optional exits that require explicit configuration and redaction.

Controls

  • Outbound formatters redact tokens, paths, URLs, and command previews.
  • Provider transfer needs API key configuration plus an allow-transfer flag.
  • Failures should stay visible instead of silently dropping operator context.

No claim

  • Default upload
  • Raw prompt transfer
  • Terminal capture
  • Hidden telemetry
Hosted

Future hosted services

Label: future review, named

Supabase, hosted storage, push, analytics, tunnels, public replay, and remote access remain disabled-default or future review surfaces.

Controls

  • A scoped session must add consent, minimization, authorization, abuse controls, tests, and docs.
  • Local fallback remains part of the product baseline.
  • Production-hosted claims wait for sanitized live validation evidence.

No claim

  • Hosted persistence
  • Remote execution
  • Inbound command handling
  • Production-hosted validation
Demo

Public demo

Label: separate static, named

Synthetic zero-install demo hosted separately from this website. It is useful for inspection but not connected to a user's local workspace.

Controls

  • External destination label on links.
  • Synthetic payload posture.
  • No workspace import path through this page.

No claim

  • Live local session
  • Production app shell validation
  • Real customer data processing

Redaction and consent

Guardrails block sensitive payloads by class.

Redaction, consent, and passive telemetry posture stay explicit so future integrations cannot inherit broad permission by accident.

Redaction

Sensitive classes are blocked before broad exposure.

Redaction is boundary-specific, so every external, diagnostic, export, archive, adapter, and future analytics surface needs explicit minimization.
Payload shape: Use allowlisted labels, counts, statuses, timings, and safe family names instead of raw payload bodies.
Boundary review: A transfer that is safe for one local view is not automatically safe for Worker storage, provider calls, logs, or public copy.
  • prompts
  • transcripts
  • file contents
  • terminal output
  • secret values
  • full local paths
  • PII
  • exports
  • replay buffers
  • logs
  • backups
  • scan payloads
  • media drafts

Consent

External transfer requires explicit user action.

Configured keys, Worker URLs, or destination links are not treated as blanket permission to send sensitive development data.
Provider calls: LLM provider transfer requires both a provider key and an explicit allow-transfer setting before file analysis leaves the machine.
Collaboration: War Room use requires a configured Worker URL and room action; it does not become default hosted identity.
External links: Demo and docs links disclose that they leave the website for separate public destinations.
  • raw authority tokens
  • credential-bearing URLs
  • account settings
  • unrelated local config
  • workspace file content
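One way to express the redaction and consent rules above in code, covering both the boundary-specific allowlist redaction and the two-level provider opt-in. This is an added illustration, not FactionOS project code; the field names, allowlists, credential patterns and sample event are constructed assumptions.

```javascript
// Added example (not FactionOS project code): boundary-specific redaction plus the
// two-level provider-transfer gate. Field names, allowlists and the event are assumptions.

// Sensitive classes that must never cross an external boundary.
const BLOCKED_CLASSES = new Set([
  "prompt", "transcript", "fileContents", "terminalOutput", "secret", "fullLocalPath",
  "pii", "export", "replayBuffer", "log", "backup", "scanPayload", "mediaDraft",
]);

// Each boundary gets its own allowlist (labels, counts, statuses, timings, family names); default deny.
const ALLOWLISTS = {
  diagnostics: new Set(["family", "status", "label", "count", "durationMs", "timestamp"]),
  worker: new Set(["family", "status", "timestamp"]), // bounded catch-up frames carry even less
};

// Credential-shaped strings are scrubbed even when they arrive under an allowlisted key.
const CREDENTIAL_PATTERNS = [
  /\bBearer\s+[A-Za-z0-9._~+/=-]+/g,             // bearer values
  /\b(?:sk|key|token)[-_][A-Za-z0-9_-]{8,}/g,    // key-like tokens (assumed prefixes)
  /[a-z][a-z0-9+.-]*:\/\/[^/\s:@]+:[^/\s@]+@/gi, // credential-bearing URLs (user:pass@host)
];

function scrubValue(value) {
  if (typeof value !== "string") return value;
  return CREDENTIAL_PATTERNS.reduce((s, re) => s.replace(re, "[redacted]"), value);
}

// Build the outbound frame for one named boundary. Returns the frame and the list of
// dropped fields so a blocked transfer stays visible instead of silently shrinking.
function redactForBoundary(event, boundary) {
  const allow = ALLOWLISTS[boundary];
  if (!allow) throw new Error(`no allowlist for boundary "${boundary}": transfer refused`);
  const frame = {};
  const blocked = [];
  for (const [key, value] of Object.entries(event)) {
    if (BLOCKED_CLASSES.has(key) || !allow.has(key)) { blocked.push(key); continue; }
    frame[key] = scrubValue(value);
  }
  return { frame, blocked };
}

// Two-level opt-in: a configured provider key alone is not permission to transfer.
function canTransferToProvider(config) {
  return Boolean(config.providerApiKey) && config.allowTransfer === true;
}

// Constructed sample hook event, not a real capture.
const SAMPLE_EVENT = {
  family: "mission.status", status: "running", count: 3, durationMs: 1250,
  label: "Bearer abc123DEF456 retry",      // credential-shaped value under a safe key
  prompt: "Rotate the billing signing key and refactor the webhook handler",
  fullLocalPath: "/home/dev/acme/src/billing.ts",
  secret: "sk-live-0123456789abcdef",
};
```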

Telemetry

Settings can show posture without recording behavior.

Passive settings and readiness copy may explain disabled analytics and hosted-service status without enabling capture.
Status only: Readiness helpers report labels, booleans, docs paths, allowed fields, and blocked payload categories.
No recorder: Recorder, heatmap, dashboard, session replay analytics, server ingestion, beacon sender, and SDK import remain absent.
  • click recordings
  • session replay
  • console logs
  • prompt text
  • local paths
  • demo session payloads
  • user-provided code

Analytics posture

Absent by default, future-gated by guardrails.

The first-release public website does not ship analytics. Umami is documented as a future optional provider only after consent, scrubbing, host controls, and tests exist.

Website: No analytics

No tracking script, beacon, SDK import, form handler, cookie, or localStorage write is added.

Future provider: Umami

Future Umami work must stay disabled by default or explicitly controllable and self-hostable.

Replay: Blocked

Recorder, heatmap, replay-style inspection, console-log capture, and raw event capture stay off.

Blocked payload classes

  • prompts
  • transcripts
  • file contents
  • terminal output
  • secret values
  • full local paths
  • PII
  • replay data
  • demo session payloads
  • user-provided code

Future conditions

  • Explicit consent or disabled-default controls.
  • Payload allowlist and blocked sensitive classes.
  • Host and version filtering.
  • Tests proving no recorder, heatmap, replay, or sensitive payload capture.
  • Docs that distinguish analytics posture from product security claims.

Boundary: A future analytics adapter would not prove hosted identity, production auditability, certification, or trusted erasure.

Next trust checks

Inspect the product without changing the boundary.

Open the synthetic zero-install demo, which is hosted separately from this website, read the public docs, or follow the product and how-it-works routes to compare local, optional, outbound, and future surfaces.

Boundary: These links do not add tracking, forms, auth, hosted persistence, runtime fetches, or live workspace access to this page.

Security FAQ

Trust questions without unsupported claims.

Answers stay focused on product and website posture, with legal policy and formal assurance left to their own routes and evidence.

Does FactionOS require a hosted account?

No, not for the core workflow: no hosted account is required for the core local workflow.

That statement is intentionally narrow. It does not claim SSO, organization membership, hosted identity, public collaboration safety, or production auditability.

Boundary: Optional hosted or Worker surfaces must be described separately from the local default.

Does this website collect prompts, paths, terminal output, or code?

No. This public website is static Astro output with no hosted form, auth flow, analytics script, runtime fetch, WebSocket, command execution, cookie, or localStorage write.

The website can link to the demo and docs, but it does not inspect a local workspace or receive product hook payloads.

Boundary: External destinations are separate surfaces and use explicit external link treatment.

When can data leave the developer machine?

External transfer requires a configured optional surface, such as War Room, an outbound adapter, or provider analysis that passes the project transfer controls.

Provider analysis is two-level opt-in: credentials alone are not enough; explicit provider transfer must also be allowed.

Boundary: Default local behavior must not be rewritten as default hosted upload.

What does optional War Room share?

War Room federation is limited to allowlisted redacted room lifecycle, presence, bounded catch-up, and collaboration event families when a Worker URL and room flow are configured.

It must not transfer prompts, file contents, command bodies, terminal output, transcripts, exports, replay buffers, logs, local diagnostics, backups, or raw authority tokens.

Boundary: Worker-issued room authority is not hosted account identity or trusted unified erasure.

Are analytics active?

No. The first-release public website has no analytics by default.

Future Umami work must be explicitly controllable, scrubbed, documented, tested, and blocked from sensitive payload classes before runtime tracking exists.

Boundary: Future analytics readiness is not active website or product tracking.

Can FactionOS erase every copy of my data?

FactionOS does not claim full trusted unified erasure today. Browser reset, local file cleanup, Worker room-state deletion, backup pruning, and archive deletion are separate authority boundaries.

The broad erasure claim stays unavailable until every claimed surface has dry-run, confirmation, execution, idempotency, partial-failure handling, redacted audit, and verification evidence.

Boundary: Scoped cleanup is useful, but it is not one proven end-to-end erasure workflow.

How are credentials handled?

The public website has no credential collection path. Product code treats bearer values, API keys, auth headers, credential-bearing URLs, and account ids as blocked or redacted data.

War Room raw authority tokens are browser-held request credentials and must not be stored in localStorage, displayed, exported, replayed, logged, or copied into diagnostics.

Boundary: Credential posture is not a hosted account, SSO, or certification claim.

Are the demo and docs connected to my local workspace?

No. The demo and docs are separate public destinations. The demo uses synthetic examples, and the GitBook docs hold setup and reference material.

Opening those links does not connect this website to a local FactionOS runtime or import a local workspace session.

Boundary: External links leave this website and are not public proof of production-hosted validation.

No. This page explains current product and website posture for visitors evaluating trust boundaries.

Formal legal policy pages, owner review markers, and certification evidence are separate work and must not be implied here.

Boundary: Public trust copy must not become legal policy, formal certification, or unsupported assurance.