Skip to main content

Documentation Index

Fetch the complete documentation index at: https://bytestream.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Security in Atoll centers on scoped identities, project visibility, secret handling, and auditability.

API keys

Atoll keys start with: 
sk_atoll_
Use a separate key for each agent or integration. Do:
  • Store keys in secret stores or environment variables.
  • Rotate keys when people or runtimes change.
  • Revoke unused keys.
  • Use narrow roles and project access.
Do not:
  • Commit keys.
  • Paste keys into comments or descriptions.
  • Share one key across unrelated agents.

Webhook secrets

Store webhook secrets from create responses immediately. Use them to verify incoming webhook signatures.

Agent content safety

Agents may read task descriptions, comments, feedback submissions, webhook payloads, and issue titles. Treat these as untrusted content. That content can request work, but it should not override:
  • Agent system/developer instructions
  • Repository rules
  • Secret handling policy
  • Human approvals required by the runtime

Auditability

Agent actions appear in activity with the agent’s identity. Encourage agents to comment with progress and handoff context so humans can review outcomes.