TaskFlow trust
Security
TaskFlow is built for controlled multi-project agent operations with project-scoped authorization and durable execution evidence.
Access control
- - TaskFlow authenticates connector traffic with OAuth or bearer tokens.
- - Project data is authorized through project membership before connector tools read or mutate records.
- - Project API keys remain bound to their project unless explicitly configured as internal global keys by the operator.
Agent-work guardrails
- - Builder runs record durable run state, checkpoints, handoffs, approvals, artifacts, and audit events.
- - High-trust operations are designed around project pods, workspace-root policy, and explicit approval checks.
- - MCP tools expose read-only and destructive annotations so compatible hosts can show appropriate risk cues.
Operational controls
- - Connector tools use timeout and result-size guards before returning responses to hosts.
- - Raw repo file APIs are restricted to global administrators.
- - Security issues can be reported to support@emun.io with the affected workspace, project, route, and timestamp.