Deployment safeguards
Before storing assets, the Worker validates deployment file paths, byte counts, SHA-256 digests, total upload size, file count, and declared content types. The CLI skips common secret files and source maps by default.
Scoped runtime access
Runtime tokens carry a class, scopes, allowed spaces and environments, optional allowed origins, expiry, and revocation metadata. Only token hashes are stored; token plaintext is returned only at creation time.
Private files
File uploads are private by default and require a service token. The current JSON/base64 upload transport caps a file at 2 MiB; larger-file workflows are not yet part of the public runtime.
Security reporting
For a security concern or private-beta question, contact hello@deploylet.com.