Legal · Last updated May 2026
Security
1. Platform security model
Zentro is built around a controlled operations model: high-impact changes require explicit approvals, dry-run context, and policy checks before execution. This reduces unsafe direct execution paths and supports stronger operational review.
2. Guardrails and execution controls
- Approval checkpoints for high-risk actions.
- Dry-run and policy enforcement before automation execution.
- Auditable incident, approval, and automation event history.
- Connector health visibility before operational workflows proceed.
3. API and operational endpoint hardening
Operational routes are configured with hardened response policies, including:
- Restricted indexing for operational and health endpoints.
- Security headers such as content-type protections and frame restrictions.
- No-store and noindex handling for sensitive runtime metadata surfaces.
4. Domain and transport posture
Production metadata and canonical links are anchored to the apex domain zentro.run. Requests to www hosts are redirected to the canonical apex host to avoid split-origin behavior.
5. Incident response and disclosure
If you believe you have identified a vulnerability, report it privately to support@zentro.run. Include reproduction steps, affected endpoints, and potential impact. We triage reports promptly and coordinate remediation and customer communication as needed.
6. Security documentation
Additional policy details are available in Trust & governance and the repository SECURITY.md document.