Security
OpenCause Compute uses invite-based worker enrollment, node tokens for worker API authentication, protected admin routes, and asymmetric Ed25519 work-packet signatures in hosted mode.
- Workers verify coordinator-signed packets with a public key.
- Coordinator private signing keys are not distributed to volunteers.
- Suspended or revoked nodes cannot heartbeat, claim, or submit work.
- Admin pages and coordinator read APIs are not public surfaces.
- Local worker logs should remain visible to the volunteer.
This is still private-alpha software. Public launch still requires stronger packaging, sandboxing, audit logs, rate limiting, incident response, and consensus validation.