Security model

Stable routes, product-owned authorization

CodexDock keeps worker claims and result submission scoped, while the host app remains responsible for product auth, quota, rate limits, and artifact storage policy.

Checklist

Production boundaries

  • Worker endpoints require a bearer worker token by default.
  • The host app wraps invoke routes with product auth, quota, and rate limits.
  • Workers can only submit results for invocations they claimed.
  • Worker tokens should be high entropy, hashed, revocable, and rotatable.
  • Large files and images should use host-owned storage, not long base64 rows.
  • Discovery should expose public URLs only for the environment being served.