Security model
Understand local execution, Docker isolation, credential proxying, and dashboard authentication.
Local runtime
Agents run on the daemon machine in Docker containers. Docker is part of the isolation model, not an optional deployment detail.
Credentials
The daemon proxies supported credentials so most secrets are never written into the agent container. Credentials that have to live inside the agent environment (an SSH key, a tool-specific token) should be scoped as narrowly as possible.
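One way to check what actually reaches an agent container, as an added example that is not this project's own code: the script below audits parsed `docker inspect` output and lists secret-looking environment variable names, credential or Docker-socket bind mounts, and privileged mode, so each finding can be reviewed for scope. The container name, paths, variable names, and matching patterns are constructed assumptions for illustration.

```python
import json
import re

# Heuristic patterns (assumptions for this example; tune for your environment).
SECRET_NAME = re.compile(r"TOKEN|SECRET|PASSWORD|PASSWD|API_?KEY|PRIVATE_KEY|CREDENTIAL", re.I)
SENSITIVE_MOUNT = re.compile(r"(^|/)\.(ssh|aws|gnupg|kube)(/|$)|docker\.sock$")

# Constructed `docker inspect` output for a hypothetical agent container.
SAMPLE_INSPECT = json.loads("""
[{
  "Name": "/agent-1",
  "Config": {"Env": [
    "PATH=/usr/local/bin:/usr/bin",
    "HTTPS_PROXY=http://host.docker.internal:8080",
    "GITHUB_TOKEN=constructed-value",
    "AWS_SECRET_ACCESS_KEY=constructed-value"
  ]},
  "HostConfig": {"Privileged": false},
  "Mounts": [
    {"Type": "bind", "Source": "/home/dev/project", "Destination": "/workspace"},
    {"Type": "bind", "Source": "/home/dev/.ssh", "Destination": "/root/.ssh"},
    {"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock"}
  ]
}]
""")


def audit_container(container):
    """Return (kind, detail) findings; secret values are never echoed."""
    findings = []
    for entry in (container.get("Config") or {}).get("Env") or []:
        name = entry.split("=", 1)[0]
        if SECRET_NAME.search(name):
            findings.append(("env", name))
    for mount in container.get("Mounts") or []:
        source = mount.get("Source", "")
        if SENSITIVE_MOUNT.search(source):
            findings.append(("mount", source))
    if (container.get("HostConfig") or {}).get("Privileged"):
        findings.append(("privileged", container.get("Name", "")))
    return findings


if __name__ == "__main__":
    for container in SAMPLE_INSPECT:
        for kind, detail in audit_container(container):
            print(f"{container['Name']}: {kind}: {detail}")
```

To audit a real container, pass the parsed JSON from `docker inspect <container>` in place of the sample.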
Dashboard authentication
Sign-in is required because the dashboard can view and change daemon state, agent configuration, logs, billing, pair codes, and saved settings.