Security
Honest aboutwhat we can and cannot see.
No marketing absolutes. Here is exactly how the connection works, who holds the keys, and what the relay does and does not have access to.
Trust model
Outbound-only · you hold the keys · self-host

Outbound-only
Your machines dial the relay. Nothing listens for inbound connections, so there are no open ports to scan or exploit and no firewall holes to punch.
You hold the keys
Credentials and provider keys live on your machines and in your accounts, not baked into the agent. Revoke a machine and its access is gone.
Self-hostable relay
Every account gets an isolated relay domain, provisioned just for your fleet — TLS termination and routing that no other customer shares.
What the relay can see
- That a machine is online and reachable, for presence and routing.
- Messages it routes between you and your machines while it relays them.
- On the hosted plan, metadata needed to meter fleet usage and run Jarvis.
What it does not do
- It does not store your machine credentials — those stay on the machines.
- It does not need root on your machines; the agent runs as your user.
- Your relay domain is single-tenant — no other customer's fleet is routed through it.
Verify it yourself
01Watch the network — the agent only makes outbound connections.
02Check the process — it runs as your user, not root.
03Read the SDK source — the Python and JS SDKs are MIT at github.com/commandoperator/cmdop-sdk.