HEIWA

Governance & security summary

Human-governed execution with a narrow public boundary

Heiwa exposes only the supported public surfaces and keeps privileged runtime behavior behind operator workflows. Docs, status, and marketing stay read-only; runtime control remains on the Railway-hosted hub and approved local operator paths.

Change Control

  • Public claims must be backed by docs and CI.
  • Humans review, merge, and deploy.
  • CI gates run hub smoke tests, docs build, and web static checks.

Secrets & Data

  • No runtime secrets committed to repos.
  • Public pages stay read-only and public-safe.
  • Cloud secrets are managed in provider variables.

Execution Boundaries

  • Railway runs the public runtime surface.
  • Cloudflare Pages hosts marketing, docs, and a read-only status shell.
  • WebSocket-first status streaming is the preferred live transport.

Supported v1 surface

CLI, MCP, HTTP API, and docs

Legacy chat ingress, experimental canvases, and planned auth surfaces are not represented here as stack-complete. This page describes only the surfaces that the repo now treats as first-class.

Public docs: Cloudflare Pages
Runtime host: Railway
State direction: SpacetimeDB