Updated 2026-07-04

Local-first does not mean careless

Disp8ch is designed for self-hosted control, but every deployment is still your responsibility. Be careful with exposed ports, channel bot tokens, API keys, and workflows that can write files, send messages, call paid APIs, or execute commands.

Approval model

Material workflow effects are classified just before execution. Reads can run automatically under balanced policy, while external sends, destructive actions, credential handling, and unknown actions require stronger controls.

  • Approvals are bound to the exact workflow version, node, target, and payload.
  • Completed side effects cannot reuse old approvals.
  • Unattended runs fail closed for high-risk effects unless a matching pre-authorization exists.

Credential storage

Use environment references or the app secret store for provider keys and channel tokens. Keep local OAuth state, auth JSON, .env.local, and credential folders outside public commits.

Next step

This doc mirrors the in-app Docs tab. Install Disp8ch, open onboarding, and use WebChat when you want the app to inspect your current setup.

Install Disp8ch