Trust and security
Know where the boundary is
Self-hosted OpenClowd runs on your machine, and repository data, prompts, transcripts, and session history stay on that machine by default. Safe remote access still requires deliberate host security, HTTPS, and authentication.
Last updated
Remote access
Reachable from anywhere must mean reachable safely. The recommended setup must not expose unauthenticated OpenClowd, terminal, or workspace-preview ports to the public internet.
Access model
The launch product is a single-owner system. Anyone authenticated into the instance should be treated as having access to every workspace, session, transcript, preview, and setting.
Transcripts and secrets
Transcripts are sensitive host-local data and may contain confidential information or secrets. OpenClowd should store as little secret material as possible and rely primarily on host-native Git and agent credentials.