No website password database
Account identity is handled by Sign in with ChatGPT. Agent Hub receives the verified identity needed to scope your records and does not store a separate website password.
SECURITY, WITHOUT THE HAND-WAVING
Security claims should be specific. This page describes the controls built into the Agent Hub website and the remaining early-access risk.
Account identity is handled by Sign in with ChatGPT. Agent Hub receives the verified identity needed to scope your records and does not store a separate website password.
Saved configurations are selected with the authenticated internal account ID. Deletion requires both the configuration ID and that account ID; ownership is never accepted from browser form data.
Names, modes, agents, notes, IDs, and upload metadata are checked against explicit allowlists and length limits before D1 accepts them.
Installer uploads require a high-entropy server secret. Large files are split into verified parts, tracked in D1, and streamed directly into private R2 storage.
WHERE DATA LIVES
RELEASE INTEGRITY
Compare the installer after downloading. A different hash means the file is not the published build and should not be opened.
56D4E248A113283EF4F41E47DEDCB4C5292309CE9BF10257BB183A437D6D48D6227,184,775 bytesKNOWN EARLY-ACCESS RISK
Windows SmartScreen may warn about an unknown publisher. HTTPS and SHA-256 protect delivery and detect changes, but they do not replace an Authenticode publisher signature. Code signing is the remaining supply-chain improvement for the installer.
READY TO TRY IT?