Essays, release notes, and technical deep-dives on device-bound authentication, secret management, and why we think the industry's approach to machine identity is broken.
AI coding tools generate more backends in a month than teams used to build in a year. Each one starts with a .env file full of static secrets. It doesn't have to.
Auto-generated passphrases, verbose backend detection, a docs sidebar, and the security hardening that shipped across the 0.3.x line.
Static API keys are a broken model. Over 1 million were leaked on GitHub in 2024. Here's why we think device-bound identity is the only honest fix.