Skip to main content

Safety model

The website should make Phonton's trust boundary concrete:

Configuration lives on the developer machine.
Repo context is indexed locally.
Memory and task history are local product surfaces.
Provider requests use the developer's configured provider credentials.
Review payloads are explicit.
Verification status is visible before handoff.

Verification gate

Generated work should be treated as ready only after checks pass or failure is reported clearly.

The public product language should avoid claims that are not backed by reproducible tasks and pinned benchmark runs.

What users should be able to inspect

Users should be able to answer these questions before trusting a result:

What plan did Phonton follow?
What context did it use?
What files changed?
Which checks ran?
Did any retry or escalation happen?
What remains for human review?

Verification gate
What users should be able to inspect