Security & control
Headmaster is designed to keep sensitive work inside your workspace.
How Headmaster protects your work
Secret exfiltration blocking
Browser URLs and LLM responses are scanned for secret patterns. Exfiltration via URL encoding, base64, or prompt injection is blocked automatically.
SSRF & injection protections
SSRF redirect guards on all platform integrations. Shell injection neutralisation in sandbox writes. Git argument injection prevention.
MCP OAuth 2.1 PKCE
Standards-compliant OAuth for all MCP server authentication. Automatic malware scanning of MCP extension packages via the OSV vulnerability database.
Credential isolation
Credential directory protections across .docker, .azure, .config/gh. API keys stay scoped to the run that needs them. Secrets never appear in prompts.
Approval gates
Sensitive actions pause for human review. Emails, reports, data edits, and external actions require explicit sign-off before release. Configurable per workflow.
Full audit logging
Centralised structured logging. Every mutating action, heartbeat state change, cost event, and approval is recorded as durable activity.
Sandboxed execution
Five execution backends: Local, Docker, SSH, Singularity, Modal. Container hardening and namespace isolation. Agents work in isolated environments.
Twilio webhook signature validation
SMS/voice integrations are validated against Twilio signatures to prevent remote code execution via forged webhooks.