Visible workers. The bouncer at the door.
The hub contract is the agreement between every worker and the room it shows up in — so the workbench can show what's real, and nothing mutates your goals or plans without your say-so.
You see and control every worker, task, and result from one hub — and nothing mutates your goals or plans without owner authorization.
Mutating routes use require_owner — same-origin localhost is allowed for the local hub, otherwise a bearer token (COMPASS_OWNER_TOKEN) is required. Worker events stream over SSE; promote/reject UI actions become structured HandoffResultEnvelopes.
    if is_same_origin and allowed_host:
        return  # local hub, trusted
    raise HTTPException(403, "owner token required")  # else: fails closed
Same-origin localhost is accepted without a bearer so the local desktop hub doesn't brick itself during setup — but anything cross-origin fails closed unless the token matches. Convenience locally, locked everywhere else.
It verifies origin, bearer, and schemas (Pydantic) — it does not yet do signed envelopes or per-worker cryptographic attestation. Roadmap, not shipped.
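A framework-free sketch of the owner check described above, added here as an illustration; it is not the project's own code. Assumptions: the `LOOPBACK_HOSTS` allowlist, the `OwnerAuthError` stand-in for `HTTPException(403, ...)`, lowercase header keys, treating a missing `Origin` as not same-origin, and the token arriving as `Authorization: Bearer <token>`.

```python
import hmac
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}  # assumed allowlist


class OwnerAuthError(Exception):
    """Stand-in for HTTPException(403, ...) so the sketch needs no web framework."""
    status_code = 403


def _split(value):
    """Return (netloc, hostname) for a Host header or an Origin URL, lowercased."""
    try:
        parts = urlsplit(value if "//" in value else "//" + value)
        return parts.netloc.lower(), parts.hostname
    except ValueError:  # e.g. a malformed IPv6 literal
        return "", None


def require_owner(headers, owner_token):
    """Return "local" or "bearer" when authorized; raise OwnerAuthError otherwise.

    headers: dict with lowercase keys (assumption).
    owner_token: value of COMPASS_OWNER_TOKEN, or None/"" when unset.
    """
    host_netloc, host_name = _split(headers.get("host", ""))
    origin_netloc, _ = _split(headers.get("origin", ""))

    # The Host allowlist keeps a rebinding-style request (same-origin, but for a
    # non-loopback name) from passing as the local hub.
    allowed_host = host_name in LOOPBACK_HOSTS
    is_same_origin = bool(origin_netloc) and origin_netloc == host_netloc
    if is_same_origin and allowed_host:
        return "local"  # local hub, trusted

    # Everything else needs the bearer token. An unset token never matches, so a
    # missing COMPASS_OWNER_TOKEN cannot be satisfied by an empty "Bearer " value.
    scheme, _, presented = headers.get("authorization", "").partition(" ")
    if owner_token and scheme.lower() == "bearer" and hmac.compare_digest(
        presented.encode(), owner_token.encode()  # constant-time comparison
    ):
        return "bearer"
    raise OwnerAuthError("owner token required")  # fails closed
```
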