Security
Built so you can hand an agent the keys
bowline carries source, env, and secrets between your machines and agents. This page lays out what keeps that safe, and why your code is never trapped inside it.
The trust model, in plain terms
Three properties do most of the work. None of them ask you to manage a mount, a vault, or a dashboard.
Encrypted in transit and at rest
Workspace files, env, and secrets are stored as encrypted state and rematerialize as normal files only on devices you trust. The relay carries ciphertext; your keys stay with your devices.
Device trust, not blanket access
Each machine and agent host is approved explicitly, from a session you already trust, and can be revoked at any time. Lost a laptop or spun down an agent host? Revoke it and it can no longer rematerialize your workspace.
Recovery keys you hold
Generate and verify a recovery key so you never lose access to your own workspace, even if you lose every machine at once. You hold it; we cannot regenerate it for you, and that is the point.
Nothing an agent does is silent or lost
Agents edit your live ~/Code by default, so you don't have to babysit them. What keeps that safe is that nothing is ever silent or lost.
Every change an agent makes is snapshotted and synced to your machines. You can see it, resume it, or roll it back. When two machines diverge offline, bowline records an explicit conflict record and keeps both versions. There is no silent last-writer-wins; you resolve it with a clear review step.
When a run is risky, gate it. Run the agent in an isolated overlay and inspect the diff with bowline review before applying it with bowline accept. The live default keeps you out of the loop; the gate is there when you want it.
Real folders on disk, no lock-in
The safest security property is the one you can walk away from.
~/Code is ordinary local directories, not a mount. Because the files are real, nothing is trapped inside: uninstall bowline and your code is still right there. No mount to unwind, no export step.
You do not have to take our word for any of this. The CLI and daemon are open source under Apache 2.0, and the security-sensitive parts (device trust, recovery keys, and workspace encryption) are readable on GitHub.
Your ~/Code, on every machine and every agent.
Install bowline and your projects follow you. It just works.
curl -fsSL https://install.bowline.sh | shmacOS app · Linux CLI. Then run bowline login.