Trust

Trust stays attached to the package, report, and workflow

Axint is not selling a generic security story. The trust surface is specific: GitHub-backed auth, compiler-backed validation, canonical bundle hashing, user-controlled Cloud deletion, and public proof for the parts of the stack that are open source.

Compiler: Open source
Registry: Package provenance
Cloud: Workspace controls

Identity and browser safety

Auth model

Registry and Cloud use GitHub identity. Browser sessions go through a server-side session proxy instead of localStorage token storage.

Cloud mutations require a CSRF token, and Registry browser auth verifies signed OAuth state before issuing a session token.

The compiler itself stays usable without an account. Sign-in is for publishing, Cloud workspaces, and package management surfaces.

What stays, what goes, and when

Retention and deletion

Published packages are public artifacts and remain in the Registry as part of the package index.

Cloud workspaces are user-controlled. Owners can export, anonymize, transfer, or purge a workspace from the product UI.

Workspace purge removes the workspace immediately. A signed tombstone record stays for 30 days so deletion can be audited, then that tombstone is purged too.

Package trust is attached to the artifact

Validation and provenance

Registry publish runs a compiler-backed validation pass and stores the result as a durable package report instead of relying on a synthetic green badge.

Package pages can now carry validation history, compatibility baselines, and publish-time policy review so the trust story is tied to the exact version being installed.

Cloud report URLs are stable references for package review, release checks, and partner demos. They are meant to replace screenshots and copied logs.

Client and server must agree on what shipped

Bundle hash verification

The CLI computes a canonical bundle hash before publish. The Registry recomputes the same hash server-side and rejects the publish if they disagree.

Install re-runs the canonical hash over the fetched package payload so a client can verify the artifact it received matches what the Registry recorded.

Hash verification is about payload integrity and canonicalization drift. It is not marketed as signed attestation or notarization.
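
The publish and install checks described above, sketched as an added example that is not Axint's code. The canonical form used here (NFC-normalized forward-slash paths, sorted entries, length-prefixed framing, SHA-256), the domain tag, and the file names are assumptions for illustration; the page does not specify Axint's actual canonicalization.

```python
import hashlib
import hmac
import unicodedata

# Assumed canonical form (not Axint's documented format): files sorted by
# normalized path, each framed as len(path) | path | len(content) | content.
DOMAIN = b"example-bundle-v1\0"  # hypothetical domain-separation tag


def normalize_path(path: str) -> str:
    """Map OS-specific spellings of one path to a single form; reject escapes."""
    path = unicodedata.normalize("NFC", path.replace("\\", "/"))
    parts = [p for p in path.split("/") if p not in ("", ".")]
    if not parts or ".." in parts or path.startswith("/"):
        raise ValueError(f"unsafe bundle path: {path!r}")
    return "/".join(parts)


def canonical_bundle_hash(files: dict[str, bytes]) -> str:
    """SHA-256 over a canonical, order-independent encoding of the bundle."""
    entries = {}
    for raw, content in files.items():
        name = normalize_path(raw)
        if name in entries:  # two spellings collapsing to one path is ambiguous
            raise ValueError(f"duplicate path after normalization: {name}")
        entries[name] = content
    h = hashlib.sha256(DOMAIN)
    for name in sorted(entries):
        encoded = name.encode("utf-8")
        # Length prefixes stop ("ab", "c") and ("a", "bc") from hashing alike.
        h.update(len(encoded).to_bytes(8, "big") + encoded)
        h.update(len(entries[name]).to_bytes(8, "big") + entries[name])
    return h.hexdigest()


def registry_accepts(payload: dict[str, bytes], claimed_hash: str) -> bool:
    """Server side: recompute from the received payload, never trust the claim."""
    return hmac.compare_digest(canonical_bundle_hash(payload), claimed_hash)


# Constructed sample bundle: the same content as listed by two different hosts.
CLI_VIEW = {"src\\intent.ts": b"export default {}\n", "axint.json": b"{}\n"}
SERVER_VIEW = {"axint.json": b"{}\n", "./src/intent.ts": b"export default {}\n"}
TAMPERED = {**SERVER_VIEW, "axint.json": b'{"version": "9.9.9"}\n'}
```

An install-time check would call `registry_accepts` with the fetched payload and the hash the Registry recorded. As the page notes, a match shows payload integrity only; it says nothing about who produced the bundle.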

Operational posture

Encryption and incident response

Public traffic to axint.ai, registry.axint.ai, and agenticempire.co is served over HTTPS.

At rest, package payloads, Cloud reports, and workspace state sit on managed platform storage rather than ad hoc disks or shared developer machines.

Trust questions, abuse reports, and incident notifications route to a human inbox. If the issue involves private user data, include enough context for us to trace the affected workspace or package version quickly.

Scope stays explicit

No placeholder certifications. No mystery controls.

This page stays tied to the live product surface. When a new trust control ships, it gets documented here with a proof link. When something is not built yet, it does not get marketed as if it already exists.