Security & Protocols

Align operates under a strict security model. Your code is sacred. Here's how we protect it.

Zero-Production Access

Align agents never touch your production environment. All operations occur in isolated sandboxes with no network access to live systems.

Environment Isolation
  Production DB     No Access
  Live API Keys     No Access
  User PII          No Access
  Staging Branch    Write Access

Least Privilege Identity

The Align agent operates with the minimum permissions required. No admin access. No deployment triggers. Just content commits to a designated staging branch.

GitHub Permissions Scope (the contents: write permission is used only to push to the staging branch)
{
  "permissions": {
    "contents": "write",
    "pull_requests": "write",
    "metadata": "read"
  },
  "repository_selection": "selected",
  "blocked_actions": [
    "workflow_dispatch",
    "delete_branch",
    "force_push",
    "admin_access"
  ]
}
Allowed:
  • Create branches
  • Open pull requests
  • Push commits
Blocked:
  • Merge to main
  • Delete branches
  • Trigger deployments

Deterministic Guardrails

Every agent action passes through a deterministic validation layer. No hallucinated paths. No unauthorized file modifications.

Code Sandbox Execution Path
  Agent Request
    -> Path Validator: checks allowed directories
    -> Content Validator: scans for sensitive patterns
    -> Diff Analyzer: limits change scope
    -> Sandboxed Commit
Guardrail Rules
  RULE_001: Only /content, /blog, /pages directories are writable
  RULE_002: Max 500 lines changed per commit
  RULE_003: No executable code (.js, .ts, .py) modifications
  RULE_004: Environment variables are read-only
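As an added illustration that is not Align's own code, here is a small deterministic validator that applies the four guardrail rules plus a sensitive-pattern scan to a constructed commit. The regexes, the reading of RULE_004 as protecting .env files, and the dict-of-added-lines input shape are assumptions.

```python
import posixpath
import re

# Constructed policy mirroring the guardrail rules above. The regexes and the
# .env interpretation of RULE_004 are assumptions, not Align's real configuration.
WRITABLE_DIRS = ("content", "blog", "pages")            # RULE_001
MAX_CHANGED_LINES = 500                                  # RULE_002
BLOCKED_SUFFIXES = (".js", ".ts", ".py")                 # RULE_003
ENV_FILE_RE = re.compile(r"(^|/)\.env(\..*)?$")          # RULE_004 (assumed: .env files)
SENSITIVE_PATTERNS = {                                   # Content validator (assumed)
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "generic_secret": re.compile(r"(?i)\b(api[_-]?key|secret|token)\s*[:=]\s*\S{8,}"),
}


def validate_change(path: str, added_lines: list[str]) -> list[str]:
    """Path + content checks for one file. Paths are repo-relative; normalising
    first defeats '..' tricks such as content/../.env (a 'hallucinated path')."""
    violations = []
    norm = posixpath.normpath(path.lstrip("/"))
    if norm.split("/")[0] not in WRITABLE_DIRS:
        violations.append(f"RULE_001: {path} is outside writable directories")
    if norm.endswith(BLOCKED_SUFFIXES):
        violations.append(f"RULE_003: executable code modification in {path}")
    if ENV_FILE_RE.search(norm):
        violations.append(f"RULE_004: environment file {path} is read-only")
    for n, line in enumerate(added_lines, 1):
        for name, rx in SENSITIVE_PATTERNS.items():
            if rx.search(line):
                violations.append(f"CONTENT: {name} pattern in {path} line {n}")
    return violations


def validate_commit(changes: dict[str, list[str]]) -> list[str]:
    """Diff analyzer over the whole commit: scope limit, then per-file checks.
    An empty list means the commit may proceed to the sandboxed commit step."""
    violations = []
    total = sum(len(lines) for lines in changes.values())
    if total > MAX_CHANGED_LINES:
        violations.append(f"RULE_002: {total} lines changed exceeds {MAX_CHANGED_LINES}")
    for path, lines in changes.items():
        violations.extend(validate_change(path, lines))
    return violations


# Constructed sample commit: one clean post, one traversal to a secrets file, one script.
SAMPLE_COMMIT = {
    "content/posts/launch.md": ["# Launch", "We shipped today."],
    "content/../.env": ["API_KEY=sk_live_1234567890abcdef"],
    "pages/app.js": ["console.log('hi')"],
}
```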

Human-in-the-Loop: The Kill Switch

You are always in control. Every agent action requires explicit human approval. One click to pause. One click to revoke.

Approval Workflow

1. Agent generates content and opens PR
2. You receive Slack/Email notification
3. Review changes in GitHub UI
4. Approve & Merge (or reject)

Nothing reaches production without your explicit consent. Ever.

Questions about our security practices? security@align.dev