Local evidence
Reports and browser artifacts stay in the repository run directory unless you explicitly upload them through CI.
Preflight ScoutSECURITY / FAIL CLOSED
Use Preflight Scout against local, preview, or staging environments. The built-in Playwright runner enforces the rules below. External agents and custom commands do not; they use their own browser, filesystem, and network permissions.
Reports and browser artifacts stay in the repository run directory unless you explicitly upload them through CI.
Browser missions receive only the exact role credentials named in the reviewed configuration. Provider and infrastructure secrets are rejected.
The built-in browser runner stays on the exact HTTP(S) origin approved for the mission and blocks off-origin or local-file navigation.
Preflight Scout proposes checks and records evidence. It does not turn a passing mission into an automatic production decision.
Preflight Scout sends the reviewed diff and limited repository context to the provider or local agent you choose. Secret values are redacted. Local evidence storage does not make model calls offline.
RESPONSIBLE DISCLOSURE
Use the private reporting path described in the repository’s security policy. Include the affected version, impact, reproduction steps, and any mitigations you have already tried.