121 CollaborativeQuill web surface scaffold

User-sovereign vault

Vault Credentials

Credential inventory and permission model for the Quill workspace. This Foundation Release surface is a working trust prototype, not a live secret store.

Prototype only. Encrypted storage is not active; real credentials stay out of this surface.
Prototype

Access boundaries

What each credential can touch

Prototype

This prototype makes the trust contract visible before storage exists: no raw key fields, no hidden provider access, and no mutation-capable credential without scope, spend, and audit context.

Switchboard provider pool

Prototype
Key status
No visitor keys stored
Spend limit
Foundation release cap: display-only. Enforcement backend is pending.
Access
Routes preview chat through approved low-cost provider adapters when backend routing is enabled.
Audit
Every future routed call must write provider, model, cost class, and surface origin to the action ledger.
Allowed surfaces
  • Hermes chat prototype
  • Switchboard status display
Blocked surfaces
  • Vault memory writes
  • billing mutations
  • external sends

No action needed. This is a system-provider posture preview.

User BYOK provider

Prototype
Key status
No raw secret input rendered
Spend limit
Per-provider monthly soft cap and hard kill switch are planned.
Access
Lets a signed-in user bind a provider key to specific Quill surfaces after encrypted storage is active.
Audit
Future view will show last used, token spend, enabled surfaces, and revocation history.
Allowed surfaces
  • Personal chat
  • RAG retrieval
  • developer API tests
Blocked surfaces
  • Public anonymous preview
  • other users' workspaces
  • agent training

Wait for encrypted vault storage before pasting any real credential.

Local model endpoint

Coming Later
Key status
Endpoint not connected
Spend limit
Local resource budget and health checks only.
Access
Reserved for local or 121-owned model interfaces without moving user data through hosted providers.
Audit
Must record endpoint identity, capability class, and data boundary before activation.
Allowed surfaces
  • Private workspace experiments
  • future owned-model interface
Blocked surfaces
  • Public chat
  • production API consumers
  • irreversible actions

No setup until the owned/local model interface is explicitly enabled.

Encrypted-at-rest credential storage before any raw key entry.

User-scoped row-level boundaries for every stored key.

Per-key capability cards that explain what the key can access.

Spend limits with soft warning and hard kill behavior.

Action ledger entries for key creation, use, disablement, and deletion.

Export/delete path that respects user sovereignty and app-store compliance.