Nina Revenue OS

Security and governance

Nina keeps private execution separate from public discovery.

Public SEO pages document the system. The console, provider credentials, workflow execution, store actions, and MCP transport remain behind session, approval, idempotency, and evidence controls.

Controls

Current public security posture

  • Console access is Google-authenticated and allowlisted.
  • Private API and MCP calls require a same-origin operator session.
  • Provider execution and publication bridges are opt-in side-effect boundaries.
  • Commerce, social, and conversion webhooks use secret or provider-native signature verification.
  • Evidence metadata is redacted before durable retention.
  • Workflow checkpoints preserve approval, rejection, and replay posture.

Launch review

Before widening access

  • Verify custom domain, canonical URL, and Search Console property before public launch.
  • Keep API routes noindexed with X-Robots-Tag and never include secrets in public JSON-LD.
  • Require explicit operator approval before live commerce or publication side effects.
  • Use idempotency keys for provider calls, checkout events, and webhooks.
  • Audit provider spend reconciliation before scaling paid execution.