Security Model
todos.md is built around tenant-isolated data, short-lived sessions, API keys, and auditable changes.
Local boundary
Local machines may keep:
- CLI configuration.
- Authentication state.
- Safe cache entries.
- Downloaded exports.
Local machines should not receive production secrets or server-only data.
Server boundary
The production API applies row-level security to tenant data and uses service context only for trusted server workflows such as authentication, billing webhooks, imports, and workers.
Access boundary
People use authenticated sessions. Agents use API keys or MCP credentials. Owners control membership and billing.
Service accounts are organization-scoped agent principals. Owners create a service account with explicit scopes, then mint one-time API keys for that account. The API stores only key prefixes and hashes, never plaintext keys after the creation response.
Supported scopes cover platform metadata, organization administration, tasks, projects, plans, runs, artifacts, storage, imports, billing, email, service accounts, and API key lifecycle operations. A service account key cannot exceed the scopes granted to its service account.
API keys can be listed, revoked, and rotated through the hosted API, remote CLI, and admin MCP tools. Revoked key hashes are denied before signed-token scope checks run.
Audit trail
Every important change should keep:
- Actor.
- Organization.
- Action.
- Target.
- Time.
- Safe metadata.
Credential events include service account creation, API key creation, revocation, and rotation. Audit metadata includes IDs, prefixes, and scopes, but never raw API keys or hashes.