Masked status
Show connected/not connected without exposing tokens.
Local token safety
Keep connector tokens out of the public app.
Repo and hosting tokens belong in local environment variables or private config files ignored from export. The visible dashboard only shows masked status.
No hidden scanningSelected sources onlyNo cloud upload by default
Local only
Tokens are read by local engine scripts at runtime.
Reset quickly
Clear or rotate tokens without changing public proof packs.
No browser secrets
Never place repo or hosting tokens in deployed frontend files.
Private engine commands
Run from the local-engine folder. Tokens stay outside the public dashboard.
npm run connectors:status
npm run config:guardPermission rule
Only scan folders, accounts and servers you own or have explicit permission to inspect.
Action rule
Discovery creates reports and queues. Move, delete, archive or repair actions require a separate explicit choice.
Proof rule
Private reports keep technical detail. Public-safe exports hide paths, source detail, tokens and repair internals.