Security
Public/private boundaries, approval rules, and data isolation.
Public vs Private
Users can see
- • Their startup page and shareable trial URL
- • Startup score summary (not formulas)
- • MVP roadmap and reports they earned
- • Credits balance and upgrade paths
- • Support explanations and approval queue status
Keep private
- • Exact scoring formulas and rubrics
- • Private recipes and venture genome templates
- • Model routing rules and cost logic
- • Noaerth internal strategy and rankings
- • Agent prompts and quality gates
Approval Gate Flow
Safe automatic
- • Read repo
- • Generate draft
- • Score venture
- • Summarize logs
Approval required
- • Push to GitHub
- • Deploy to Vercel
- • Edit production config
- • Send email or change billing
- • Delete data or publish public pages
- • Run expensive jobs beyond plan limits
Risk Control Matrix
| Risk | Severity | Control | Status |
|---|---|---|---|
| Building too much before trial page works | high | 7-day roadmap focus on /trial funnel | active |
| Free users triggering expensive jobs | critical | Hard gates: no repo, deploy, worker-run for free | mitigated |
| Cursor/Aider production dependency | high | Native build engine ownership | watching |
| Recipe leakage to users | critical | Expose results, not recipes | mitigated |
| Runaway repair loops | high | Loop limits + approval gates | active |
| Overpromising in public copy | medium | Claim registry + proof-safe copy | watching |
Public users can see
Their own workspace outputs only.
Keep private
All operator IP: recipes, rubrics, routing, internal strategy.
Approval required
Any action that changes production, billing, or user data.