Security and Privacy Notes
Diagnostics With Control
CommandGate is built for teams that need faster first-pass diagnostics without hiding the checks, data flow, or approval boundary.
[Control Layer]
Visible Checks
CommandGate is designed to show the diagnostic evidence behind an answer so operators can judge the result.
[Control Layer]
Guarded Actions
Investigation and remediation are separated. Sensitive fixes should be reviewed before they run.
[Control Layer]
Local-First Beta
The private beta starts with BYOK so technical testers keep control over provider credentials and billing.
[Control Layer]
Clear Boundaries
CommandGate is a diagnostics agent, not a full RMM, observability, remote-control, or security platform.
Data Handling
- +Diagnostic prompts and relevant command output may be sent to the configured AI provider.
- +API keys should be entered through the app onboarding flow, not sent through support email.
- +Local history and configuration are intended to remain local unless a user exports or shares them.
- +Beta testers should review logs before sending them to support because logs can contain environment details.
Always Review
- !Destructive file operations
- !Privileged system changes
- !Firewall or network policy changes
- !Credential, keychain, or secret paths
- !Package installs or removals
- !Service restarts in production-like environments
- !Download-and-execute command patterns
Beta Support
Send setup questions, diagnostic failures, or safety concerns to the support address. Do not send API keys, private credentials, or unreviewed sensitive logs.