Identity and authorization
Authenticated routes, tenant scoping, and admin, analyst, and viewer roles limit access to workspace operations.
Security
Security controls are designed around explicit scope, tenant boundaries, role-aware access, protected credentials, traceable evidence, and observable provider health.
Last updated 14 July 2026
01
Authenticated routes, tenant scoping, and admin, analyst, and viewer roles limit access to workspace operations.
Service credentials belong in managed environment or secret stores and must not be exposed to browser code or logs.
Audit events, health checks, controlled scan phases, and deployment gates support investigation and recovery.
02
Production deployments should use a verified domain and TLS. The temporary staging IP endpoint is HTTP and must not receive sensitive credentials.
Report suspected vulnerabilities privately to support@spectra.security with subject `Security:` and reproducible, sanitized evidence.
Do not access unrelated data, persist in systems, disrupt service, or publish an issue before a coordinated review.
Next step