Security & auditability

Capability with explicit boundaries.

Gaia is designed to act, but action stays scoped by owner intent, service trust boundaries, isolated workspaces, and verifiable evidence.

Trust, not theater

Authority is narrower than capability.

Gaia can operate infrastructure, code, and authenticated services. That technical reach does not imply permission to publish, merge, spend, trade, or affect people outside the requested scope.

Identity

One Gaia-owned auth boundary

Browser identity stays separate from application credentials, service admission, and sensitive operational access.

Execution

Isolated implementation

Coding runs operate in bounded workspaces. Durable leases and checkpoints prevent duplicate executors and make recovery inspectable.

Review

Evidence before claims

Runtime checks and browser verification support completion. Intent alone is not proof.

Operations

Small blast radius

Deployments target the named service. Databases, trading connections, and unrelated containers are preserved unless the requested outcome requires them.

Secrets

Credentials stay out of source

Operational credentials live in managed secret stores or owner-only files. Public pages and review artifacts do not expose them.

Admission

Google proves identity, not access

A verified Google address may join the access list. Gaia still decides which accounts are admitted to protected services.

Access boundary

Create an identity. Private services stay controlled.

Create account