Trust

Keep repo execution local and make the work auditable.

DexCode should reduce trust risk by showing what happened without forcing every repo into a hosted execution environment on day one.

Boundary

What DexCode should hold

The control plane stores run metadata and evidence, not unlimited repo access.

Scoped tokens

Required

CLI and API tokens should be revocable, named and scoped to the account.

Evidence retention

Required

Artifacts need configurable retention because traces and screenshots can contain sensitive context.

Human approval

Required

Merge, deploy and customer-facing changes still need explicit owner approval.

Controls

Governance surface

Trust work belongs in the product, not in scattered docs.

Budgets

Planned

Set weekly and monthly limits by account, user and provider.

Audit export

Planned

Export run history, actors, tokens, PRs and evidence for review.

Private artifacts

Planned

Separate public PR links from private account-only evidence.

Shared app

Trust starts with clear access.

The consolidated dashboard makes it obvious who can use Dex and which account owns the work.
