Updates are encrypted while moving between agents, Visti, and your devices.
Security
A narrow door,
by design.
An agent can send to one channel. It cannot look inside your inbox, see another channel, or manage your account.
Encrypted, with one important distinction.
“Encrypted” can mean three different things. Here is exactly what Visti does today.
Cloudflare encrypts the storage underneath Visti and manages the keys. They are not device-only keys.
Visti's Worker processes content to validate, store, and deliver it. Do not treat it as a secrets vault.
What protects the door.
Access is deliberately small, observable, and replaceable.
A channel key can publish to one channel. It cannot read messages or reach anything else.
The server stores publish keys, device credentials, and pairing codes as peppered hashes.
Each agent gets an independent key. Remove one without interrupting the rest, and see when it was last used.
Publishing is rate-limited. Pairing codes work once, expire after ten minutes, and are rate-limited too.
Where each thing lives.
Storage protections are documented by Cloudflare for Durable Objects, D1, R2, and SSL/TLS.
Today's boundaries.
Security is also knowing where the edges are.
- Images use shareable capability links. The URL is unguessable, but anyone who receives it can fetch the image. Uploads are limited to PNG, JPEG, GIF, or WebP up to 5 MB; SVG is not accepted.
- Publish keys last until revoked. They do not expire automatically.
- Device credentials live locally. The Mac app currently uses its Application Support configuration; the web inbox uses browser local storage.
- Retention controls are not here yet. Visti does not currently offer self-service message deletion or retention settings.
- Pairing is the account recovery path. There is no email or OAuth recovery flow today.