Security

Secure AI development that can run inside your infrastructure.

Flex is designed for teams who want AI coding workflows near real repositories without turning every preview into a trust exception. Requests are scoped to tenants, workers authenticate back to Flex, secrets are encrypted at rest, and tenant-dedicated orchestrators can run where your team controls the runtime.

Zero trust

Authenticated boundaries

Tenant scoped

Role-based access

Self-hostable runtime

Your infrastructure

Runtime boundary

Control plane

Flex web app

Authenticates users, resolves tenant context, and issues scoped runtime tokens.

Authenticated SignalR + scoped JWT

Team runtime

Tenant orchestrator

Runs preview containers on approved infrastructure and reports health back to Flex.

Docker labels + Traefik route

Preview workload

Isolated container

Receives only the runtime configuration and secrets needed for that run.

Live preview URL

Security controls built into the workflow

Flex treats users, tenants, workers, sidecars, and preview containers as separate trust boundaries. Each boundary has explicit authentication or scoping before it can touch repository data, secrets, runtime environments, or tenant-specific API routes.

Zero-trust access

API clients authenticate with cookies or tenant API keys, tenant routes are validated against authenticated claims, and internal runtime channels use signed tokens rather than network location as proof of trust.

Tenant isolation

Tenant claims, route validation, EF Core query filters, and role checks keep workspace data scoped to the right organization. Product, engineering, admin, and owner roles gate progressively more sensitive actions.

Encrypted secrets

Stored project secrets and integration tokens are encrypted with AES-GCM. Default encryption uses an app key plus a per-tenant salt, and project secrets can also use a user-provided key that Flex does not store.

Run Flex where the code should run

Flex supports tenant-dedicated orchestrators for teams that need workloads to execute on approved machines, networks, or cloud accounts. The orchestrator bootstraps with a one-time token, exchanges it for a scoped identity, and connects back over an authenticated control channel.

Scoped orchestrator identity

Bootstrap tokens can be shared or tenant scoped. Runtime JWTs include the orchestrator ID, scope, and tenant when the worker is dedicated to one tenant.

Authenticated sidecars

Sidecar agents receive signed JWTs tied to a tenant and prototype, and Flex rejects sidecar events when token claims do not match the target workload.

Controlled preview routing

Preview containers are labeled by tenant and prototype, routed through Traefik, and cleaned up through orchestrator deprovisioning and reconciliation paths.

Practical runtime model

Least access for each run

Flex encrypts secrets at rest and limits access by tenant and role. When a preview needs credentials to clone code, call a model, or boot the application, those runtime secrets are passed only to the container doing that work. This keeps the model explicit: protect secrets in storage, scope who can configure them, and give each run the minimum environment it needs to produce a reviewable result.