Secure access path
The request path is open. The machine-facing door stays closed by default until the public threat model, network-boundary evidence, and rollout controls are ready.
No browser-to-machine tunnel, direct callback into a local workstation, or public control endpoint is enabled from this page. We are not presenting a live machine link until the public exposure controls for that boundary are demonstrated, not merely planned.
What is open now
AIIR today
Use AIIR locally, in CI, in the VS Code extension, and through MCP without routing repository operations through a public website.
Hub early access
You can request Hub early access today so we can plan fit, timing, and onboarding without exposing a machine-facing endpoint before it is ready.
What must be true before this opens
- A public threat model for the machine-linking boundary.
- Published evidence for the network boundary and public-exposure controls that would protect it.
- Closed-by-default rollout controls with an operator kill switch.
- Explicit authentication and least-privilege access scopes.
- Origin restrictions and request validation at the public edge.
- Tamper-evident audit logging for every sensitive action.
- Clear operator documentation for setup, rotation, and recovery.
What you can do now
If you want this capability, use the public request path now and we will keep the rollout gated until the security posture is ready.
Need help or want to engage?
Bug reports
File reproducible product bugs in the public tracker so fixes, regressions, and workarounds stay visible.
Questions and ideas
Use discussions for implementation questions, rollout feedback, and community conversation around AIIR.
Security reports
Do not post vulnerabilities publicly. Use the coordinated disclosure path with our published policy and response target.