Security

Built so you can hand an agent the keys

bowline carries source, env, and secrets between your machines and agents. This page lays out what keeps that safe, and why your code is never trapped inside it.

The trust model, in plain terms

Three properties do most of the work. None of them ask you to manage a mount, a vault, or a dashboard.

Encrypted in transit and at rest

Workspace files, env, and secrets are stored as encrypted state and rematerialize as normal files only on devices you trust. The relay carries ciphertext; your keys stay with your devices.

Device trust, not blanket access

Each machine and agent host is approved explicitly, from a session you already trust, and can be revoked at any time. Lost a laptop or spun down an agent host? Revoke it and it can no longer rematerialize your workspace.

Recovery keys you hold

Generate and verify a recovery key so you never lose access to your own workspace, even if you lose every machine at once. You hold it; we cannot regenerate it for you, and that is the point.

Nothing an agent does is silent or lost

Agents edit your live ~/Code by default, so you don't have to babysit them. What keeps that safe is that nothing is ever silent or lost.

Every change an agent makes is snapshotted and synced to your machines. You can see it, resume it, or roll it back. When two machines diverge offline, bowline creates an explicit conflict record and keeps both versions. There is no silent last-writer-wins; you resolve it with a clear review step.

When a run is risky, gate it. Run the agent in an isolated overlay and inspect the diff with bowline review before applying it with bowline accept. The live default keeps you out of the loop; the gate is there when you want it.

Real folders on disk, no lock-in

The safest security property is the one you can walk away from.

~/Code is ordinary local directories, not a mount. Because the files are real, nothing is trapped inside: uninstall bowline and your code is still right there. No mount to unwind, no export step.

You do not have to take our word for any of this. The CLI and daemon are open source under Apache 2.0, and the security-sensitive parts (device trust, recovery keys, and workspace encryption) are readable on GitHub.

ready when you are

Your ~/Code, on every machine and every agent.

Install bowline and your projects follow you. It just works.

Get started
curl -fsSL https://install.bowline.sh | sh

macOS app · Linux CLI. Then run bowline login.