Identity
One Gaia-owned auth boundary
Browser identity stays separate from application credentials, service admission, and sensitive operational access.
Security & auditability
Gaia is designed to act, but action stays scoped by owner intent, service trust boundaries, isolated workspaces, and verifiable evidence.
Trust, not theater
Gaia can operate infrastructure, code, and authenticated services. That technical reach does not imply permission to publish, merge, spend, trade, or affect people outside the requested scope.
Identity
Browser identity stays separate from application credentials, service admission, and sensitive operational access.
Execution
Coding runs operate in bounded workspaces. Durable leases and checkpoints prevent duplicate executors and make recovery inspectable.
Review
Runtime checks and browser verification support completion. Intent alone is not proof.
Operations
Deployments target the named service. Databases, trading connections, and unrelated containers are preserved unless the requested outcome requires them.
Secrets
Operational credentials live in managed secret stores or owner-only files. Public pages and review artifacts do not expose them.
Admission
A verified Google address may join the access list. Gaia still decides which accounts are admitted to protected services.
Access boundary