Security for autonomous work starts with bounded authority
Bolt Foundry is designed to be a local-first app that works only with the folders, sources, and permissions you approve. Lower-trust assistant work is intended to happen inside isolated runtime boundaries instead of as one generic assistant with ambient machine-wide authority.
The security model also depends on secrets staying host-owned, outbound activity following explicit bounded paths, and the important operating truth staying readable rather than disappearing into opaque app-only state.
Bolt Foundry keeps AI work controlled
This page describes the intended boundary model assembled from active BFDesktop security notes: bounded workspace authority, isolated lower-trust runtime work, host-owned secrets, explicit outbound paths, readable filesystem-backed operating truth, and conservative write behavior.
It is not a claim that every hardening step is already complete. In particular, networking, provider auth, writeback/apply-back, and some scoped-authority work are still staged hardening areas.
Bounded workspace authority
You choose the folders, sources, and workspace context Bolt Foundry can use instead of treating the whole machine as ambient assistant territory.
Isolated lower-trust runtime
Lower-trust assistant work is intended to run outside the main app process in BFDesktop-owned isolated runtime boundaries.
Secrets stay host-owned
Sensitive credentials are meant to stay under host control instead of becoming raw long-lived secrets inside runtime containers by default.
Explicit outbound paths
Bolt Foundry itself is not supposed to quietly make arbitrary root-process network requests. Outbound activity is meant to happen through explicit bounded runtime paths.
Readable operating truth
Important operating information is intended to stay in plain Markdown files in the filesystem so people and assistants can inspect the same durable artifacts.
Conservative writes
The selected workspace remains the source-of-truth input, while runtime-backed writes are intended to stay policy-controlled and conservative rather than silently mutating the canonical source tree.
Visibility and escalation
The product is meant to show what the assistant is doing, what failed, and when a person should step in instead of hiding authority behind opaque automation.
Read-only first
Writes and broader authority are intended to be earned gradually, with read-only access remaining a sensible starting point until the team is ready to widen scope.
Security questions teams ask before they trust an AI employee