Security posture / customer surface

What Island Intel JA protects, and how.

Customer accounts are scoped, revocable, and observable from inside the account. The platform never exposes direct infrastructure access, privileged credentials, or private infrastructure identifiers to a customer session.

Control principles

Customer access stays scoped and revocable.

No secrets in the customer surface

No privileged backend credentials or private infrastructure identifiers appear in any customer-facing page or response.

Scoped credentials, not raw access

Each customer account receives credentials scoped to the customer-safe tool surface. Scope is bound by the plan, entitlement policy, and organisation.

Show-once token rule

MCP credentials issued from inside the customer account are shown once at creation. Only a one-way hash is stored. Tokens are revocable at any time.

Revocable agent connections

OAuth 2.1 connections to AI agent hosts can be revoked from inside the customer account. Revocation is enforced before the next tool call.

Usage limits enforced server-side

Plan-level rate limits and per-tool-family quotas are enforced by the Island Intel JA gateway, not by the identity provider.

Append-only telemetry

Every customer tool call, allowed or denied, is recorded in an append-only telemetry stream the customer can review from inside the account.

No privileged credential exposure

Privileged credentials are never exposed to customer sessions, AI agent hosts, or any customer-facing surface.

Customer-safe MCP boundary

The MCP tool surface visible to a customer's AI agent is restricted to the customer-safe profile. Operations tools and write paths are not reachable.

Documented privacy posture

Telemetry records what tool ran, who called it, and which plan applied. It does not store raw client IP addresses or unnecessary PII.

Responsible disclosure

Report privately before public testing.

Security researchers can report potential issues through the contact path provided to approved accounts. Do not publish or test against production resources without explicit authorisation.