The workflow is the safeguard
- Nothing merges automatically. Every change arrives as a pull request for human review. Twill has no deploy access.
- Agents can’t push to your default branch. Work happens on task branches; repo access uses short-lived, scoped GitHub tokens.
- Code runs in Twill’s sandboxes, not your infrastructure. Unless you explicitly connect read-only cloud integrations, agents can’t see your infra at all.
Isolation
Each workspace gets its own sandboxed VM; each task runs in its own fork with CPU, memory, and disk quotas. Tasks can’t see other workspaces or interfere with each other’s runs.Data protection
- Environment secrets and OAuth tokens are encrypted at rest with AES-256-GCM; all traffic is HTTPS/TLS.
- Incoming webhooks (GitHub, Linear, Slack) are verified with HMAC-SHA256 signatures using timing-safe comparison; Slack requests older than 5 minutes are rejected to block replays.
- OAuth flows carry CSRF-protected state.
- Your code and prompts are never used to train models.