Zero-trust access
API clients authenticate with cookies or tenant API keys, tenant routes are validated against authenticated claims, and internal runtime channels use signed tokens rather than network location as proof of trust.
Flex is designed for teams who want AI coding workflows near real repositories without turning every preview into a trust exception. Requests are scoped to tenants, workers authenticate back to Flex, secrets are encrypted at rest, and tenant-dedicated orchestrators can run where your team controls the runtime.
Zero trust
Authenticated boundaries
Tenant scoped
Role-based access
Self-hostable runtime
Your infrastructure
Runtime boundary
Control plane
Flex web app
Authenticates users, resolves tenant context, and issues scoped runtime tokens.
Team runtime
Tenant orchestrator
Runs preview containers on approved infrastructure and reports health back to Flex.
Preview workload
Isolated container
Receives only the runtime configuration and secrets needed for that run.
Flex treats users, tenants, workers, sidecars, and preview containers as separate trust boundaries. Each boundary has explicit authentication or scoping before it can touch repository data, secrets, runtime environments, or tenant-specific API routes.
API clients authenticate with cookies or tenant API keys, tenant routes are validated against authenticated claims, and internal runtime channels use signed tokens rather than network location as proof of trust.
Tenant claims, route validation, EF Core query filters, and role checks keep workspace data scoped to the right organization. Product, engineering, admin, and owner roles gate progressively more sensitive actions.
Stored project secrets and integration tokens are encrypted with AES-GCM. Default encryption uses an app key plus a per-tenant salt, and project secrets can also use a user-provided key that Flex does not store.
Flex supports tenant-dedicated orchestrators for teams that need workloads to execute on approved machines, networks, or cloud accounts. The orchestrator bootstraps with a one-time token, exchanges it for a scoped identity, and connects back over an authenticated control channel.
Scoped orchestrator identity
Bootstrap tokens can be shared or tenant scoped. Runtime JWTs include the orchestrator ID, scope, and tenant when the worker is dedicated to one tenant.
Authenticated sidecars
Sidecar agents receive signed JWTs tied to a tenant and prototype, and Flex rejects sidecar events when token claims do not match the target workload.
Controlled preview routing
Preview containers are labeled by tenant and prototype, routed through Traefik, and cleaned up through orchestrator deprovisioning and reconciliation paths.
Practical runtime model
Flex encrypts secrets at rest and limits access by tenant and role. When a preview needs credentials to clone code, call a model, or boot the application, those runtime secrets are passed only to the container doing that work. This keeps the model explicit: protect secrets in storage, scope who can configure them, and give each run the minimum environment it needs to produce a reviewable result.