Access control

IAM

Roles, scoped keys, rotation, and the encryption path for context records. Local controls for this sandbox view — changes reset on reload.

Role matrix

What each role can do across captures, context endpoints, keys, and policy.

Permission | Owner | Debugger | Viewer | Agent
View captures
Read context endpoint
Rotate keys
Manage policy
Invite users

Owner

Full control of captures, keys, policy, and membership.

*

Debugger

Investigates failures and rotates keys for assigned apps.

captures:list, context:read, keys:rotate

Viewer

Read-only access to captures.

captures:list

Agent

Scoped context reads. Returns scrubbed fields only.

context:read

Keyring

Scoped keys and their lifecycle states.

production ingest key | ec_demo_••••f6b1 | ingest:write | rotation due Aug 6, 2026 | active
context-read key | ec_demo_••••a41f | context:read | used by agents | active
staging ingest key | ec_demo_••••7c33 | ingest:write | expires Jun 20, 2026 | expiring
prior ingest key | ec_demo_••••d208 | ingest:write | revoked Apr 22, 2026 | revoked

Rotation simulator

Rotate the active key, hold the overlap window, revoke the previous key.

Steady state — one active production ingest key.
  • Keyring loaded from seeded demo state

Encryption path

Captured state is scrubbed and encrypted before it leaves the process.

Scrub in process: Policy rules redact and truncate sensitive fields at capture time.
Encrypt in process: The payload is sealed inside the SDK with a workspace data key.
Ciphertext leaves: Only encrypted payloads cross the wire — plaintext never leaves the service.
Scoped reads: Roles and agent keys decrypt only the fields their scope allows.

Access simulator

Pick a role and a scope to see which operations are allowed.

Read a capture context endpoint | needs Read context endpoint | allowed
Fetch the ordered IO section | needs Read context endpoint | allowed

Debugger carries captures:list, context:read, keys:rotate. Denied operations are recorded in the audit log, never silently dropped.
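
The check the access simulator performs, as an added example (not this product's code): a fail-closed scope check over the role scopes listed above that records every denial instead of dropping it. The operation names, the operation-to-scope mapping, the audit record fields, and the rule that "active" and "expiring" keys are usable while "revoked" keys are not are assumptions made for the example.

```python
from datetime import datetime, timezone

# Role -> scopes, copied from the role cards on this page ("*" = full control).
ROLE_SCOPES = {
    "owner": frozenset({"*"}),
    "debugger": frozenset({"captures:list", "context:read", "keys:rotate"}),
    "viewer": frozenset({"captures:list"}),
    "agent": frozenset({"context:read"}),
}

# Assumed mapping: hypothetical operation names -> the scope each one needs.
REQUIRED_SCOPE = {
    "read_capture_context": "context:read",
    "fetch_ordered_io": "context:read",
    "list_captures": "captures:list",
    "rotate_key": "keys:rotate",
}

# Assumption: a revoked key never authorizes anything.
USABLE_KEY_STATES = frozenset({"active", "expiring"})

AUDIT_LOG = []  # in-memory stand-in for the audit log


def authorize(role, operation, key_state="active"):
    """Return True only for an explicit grant; audit every denial."""
    granted = ROLE_SCOPES.get(role, frozenset())  # unknown role -> no scopes
    needed = REQUIRED_SCOPE.get(operation)
    if needed is None:
        reason = "unknown operation"  # fail closed, even for the "*" role
    elif key_state not in USABLE_KEY_STATES:
        reason = f"key state {key_state!r} is not usable"
    elif "*" in granted or needed in granted:
        return True
    else:
        reason = f"role lacks scope {needed}"
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "role": role, "operation": operation, "key_state": key_state,
        "decision": "deny", "reason": reason,
    })
    return False


if __name__ == "__main__":
    for role in ROLE_SCOPES:
        allowed = [op for op in REQUIRED_SCOPE if authorize(role, op)]
        print(f"{role:9s} allowed: {', '.join(allowed)}")
    print(f"{len(AUDIT_LOG)} denials recorded")
```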