Trust starts with clear scope and real controls.

Open-source core

• Axint compiler source is public on GitHub under Apache 2.0.
• Public proof stays tied to the shipped release, test count, and diagnostics surface.
• Registry package metadata, validation history, and publish-policy review can be surfaced on package pages.

Hosted Cloud controls

• Anonymous Cloud report URLs and shareable collections without a required account.
• GitHub sign-in for Cloud workspaces.
• Signed OAuth state validation on the browser callback path.
• Server-side session proxying and CSRF protection on browser mutations.

Workspace lifecycle controls

• Export a workspace as JSON.
• Anonymize workspace metadata and attached notes.
• Transfer ownership to another existing member.
• Purge with typed-name confirmation.
• Validation history can be re-run into current-compiler baselines without changing install counts.

Package trust posture

Package trust is now tied to the published artifact: compiler-backed validation, canonical bundle hashing, compatibility history, and publish-time policy checks live with the package record instead of in release notes or screenshots. Registry coverage is also visible on a public compatibility-status surface, not hidden behind internal ops notes.

Operational model

• HTTPS on every public surface.
• Managed platform storage for package payloads, Cloud reports, and workspace state.
• Workspace purge removes shared state immediately, with a signed 30-day tombstone for audit.
• Trust and incident questions route to [email protected].

Proof links

• Axint trust page
• Axint Cloud
• Axint Registry
• Registry compatibility status
• Canonical bundle hash implementation
• CLI publish verification path
• CLI install verification path