Security

How secret handling, sandboxing, and review links work across Sundial workspaces.

How security checks work

Sundial keeps workspace secrets encrypted at rest and injects only the names and values needed by the runtime. Review links make file changes visible before users rely on them, and GitHub actions run through the same sandbox path as agent-initiated commands.

High-value integrations should hold provider tokens server-side whenever possible. Anything exposed to bash is visible to the agent process, so Sundial treats native backend tools as the stronger boundary for sensitive operations.
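To make the second point concrete, here is an added illustration that is not Sundial's code (the backend tool, its allowlist and the stubbed transport are hypothetical): a secret placed in a sandboxed command's environment can be read back by that command, whereas a backend tool that holds the token and performs the provider call itself hands the agent only the result.

```python
import os
import subprocess

# Constructed sample token; not a real credential.
PROVIDER_TOKEN = "tok_constructed_example_123"

def run_in_sandbox(cmd: str, secrets: dict[str, str]) -> str:
    """Run a shell command the way a sandboxed agent command would,
    with `secrets` injected as environment variables. Returns stdout."""
    env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin"), **secrets}
    result = subprocess.run(["sh", "-c", cmd], env=env,
                            capture_output=True, text=True, check=False)
    return result.stdout

def token_visible_to_shell(secrets: dict[str, str]) -> bool:
    # Whatever is in the command's environment can be read back by that command,
    # so an env-injected token is fully visible to the agent process.
    return PROVIDER_TOKEN in run_in_sandbox("env", secrets)

# --- Hypothetical native backend tool: the token never leaves this process ---
ALLOWED_OPERATIONS = {"list_repos", "get_issue"}

def _provider_transport(method: str, path: str, headers: dict[str, str]) -> str:
    # Stand-in for the real HTTP call, constructed so the example runs offline.
    # It echoes the auth header back, as a provider might in an error response.
    return f"{method} {path} ok; auth={headers['Authorization']}"

def backend_tool(operation: str, path: str) -> str:
    """Perform an allowlisted provider call on the agent's behalf and return
    only the response, scrubbing the token in case the provider echoes it."""
    if operation not in ALLOWED_OPERATIONS:
        raise PermissionError(f"operation not allowed: {operation}")
    headers = {"Authorization": f"Bearer {PROVIDER_TOKEN}"}
    response = _provider_transport("GET", path, headers)
    return response.replace(PROVIDER_TOKEN, "[redacted]")
```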