# Security Notes

## Token model

The orchestrator uses Hugging Face OAuth. Do not store a global admin `HF_TOKEN` in the Space.

The user OAuth token is passed to HF Jobs as a secret named `HF_TOKEN`. The worker must never write it to the Bucket, traces, reports, generated files, or logs.

## Resource ownership

Generated Spaces are constrained to the signed-in user's namespace and are private by default.

The validation workflow is also limited to Spaces under the signed-in user's namespace.

## Hardware

Hardware assignment is best-effort. GPU upgrades may involve billing and may fail through OAuth. The supported fallback is manual hardware selection by the user followed by a separate validation job.

## Traces

Pi traces can contain prompts, tool outputs, paths, generated code, and potentially sensitive information. Raw traces should remain private. Redaction is best-effort and should not be treated as a formal data-loss-prevention system.

## Publication

The app never publishes generated Spaces automatically. Users should review generated code, license requirements, and validation results before making any generated Space public.