Security
How AutoBuilder protects keys, data, and external actions.
Secret handling
API keys stay server-side. Public status shows PRESENT/MISSING only.
Approval gates
Build jobs, shipping, and external integrations require founder approval.
RLS readiness
Supabase Row Level Security must be verified manually in the dashboard.
No auto-deploy
Vercel production deploy is gated. Agents do not run vercel --prod.
No auto-push
GitHub changes are manual. Packets are copy-paste workflows.
No public sharing without approval
Ventures are private by default.
