Guide · Secured interaction · 8 min read

Secured Interaction

Kaptain can operate tools and project files, so the safe default is local-first, explicit access, and visible approval boundaries.

Reasoning is not execution

A model can suggest an action. Kaptain controls how actions reach tools. This distinction matters because shell commands, file writes, task changes, and external tools can affect real work. The user should be able to see what is being requested before risky execution happens.

Approvals

Approvals are the human checkpoint for actions that require trust. Read the command, file path, expected effect, and reason. Deny unclear prompts. Do not approve actions only because they came from a capable model.

Remote operation

Kaptain defaults to Local Only, meaning the browser on the same machine can connect. For phone or second-device access, use Tailscale and the current access token. Kaptain does not expose a public LAN/all-interface mode in this build.

This is intentional. Kaptain can run powerful local workflows, so remote access should be limited to trusted devices rather than broadcast broadly on a network.

Useful security habits

• Keep the selected project folder narrow.
• Keep automatic workflows off until the route is understood.
• Review approvals before execution.
• Use Tailscale for trusted-device access.
• Do not port-forward Kaptain to the public internet.
• Review BlackBox Traces after confusing or expensive turns.

Continue with the Setup Guide or BlackBox and God's Eye.