Security
Built for explicit, auditable automation.
The production API will keep rendering deterministic and require explicit confirmation for store upload and billing actions.
Agents should never log API keys, store credentials, or signed result URLs. Planned integrations will use idempotency keys, scoped API tokens, signed webhooks, and explicit approval steps before App Store Connect or Google Play publishing actions.
Report security issues to justin@gluska.co.