Security Protocol

The Security of the Atelier

Social Manager is designed as a self-hosted publishing control room, not a disposable dashboard. Session access, credential routing, and queue execution are kept deliberately strict so that publishing remains traceable, calm, and production-safe.

Return to Login Operator Access Read-only surface

Session Posture

Password gated

Operator login required for control room access

UI access is granted through the configured installation password and persisted via the smm_session cookie with server-side session storage.

Credential Storage

Self-hosted

Project defaults and channel overrides are stored separately

Project credentials define the default platform route, while channel credentials are reserved for target-specific exceptions.

Queue Safeguards

Fail closed

Production publishing never falls back to the fake adapter

If the required credential route is missing, the system refuses to publish rather than silently degrade into unsafe behavior.

Validation Discipline

Route scoped

Project and channel validation are intentionally separate

Operators should validate the route they plan to use, because channel overrides do not borrow project validation coverage.

Credential Logic

The workspace uses two credential layers on purpose: a stable default route for the project, and narrowly scoped overrides only when a specific destination needs different access.

Project Defaults

Primary route for platform-wide publishing, validation, and discovery.

Baseline route

Project credentials are stored per platform and should be the first place operators establish stable access for LinkedIn, Pinterest, Instagram, or TikTok.

Platform coverage OAuth where available Validation ready

Channel Overrides

Exception route for one imported target, author, or board.

Scoped exception

Channel credentials are appropriate when a single organization, member, or board requires isolated access. They are not a convenience duplicate of the project credential.

Target specific Publish strictness Separate validation

Operational nuance: channel sync and discovery may borrow the project credential when no override exists, but channel-bound publishing in production expects the channel credential route to be explicitly present.

Queue Safeguards

The queue is designed to protect operators from accidental silent failure, unsafe publishing fallbacks, and ambiguous ownership of credential routes.

Fail closed in production

If the required platform or channel credential is missing, the publisher refuses the action rather than using the fake adapter as a hidden fallback.

Validate before queueing

Credential validation is exposed at the UI layer so operators can confirm access before the schedule reaches an execution window.

Imported channels can inherit intentionally

When a channel is imported, project credentials may be copied into the channel route to establish a stable target-specific baseline without manual re-entry.

Operator Field Manual

Practical rules for keeping credential handling clean and queue behavior predictable.

Prefer OAuth when the platform supports it

LinkedIn and Pinterest should use OAuth first so raw secrets do not become the default operational path.

Rotate access on ownership changes

If a client, board owner, or author route changes hands, refresh the relevant token immediately and validate before resuming scheduling.

Override only when the route truly diverges

Keep the project route canonical. Move into channel credentials only when a single destination must stay isolated from the baseline.

Validate right after replacement

Do not assume a stored field is usable. Every token, board, or author change should be validated before it is trusted by the queue.

Operator Support

Escalation path

Support for this installation lives with the operator team that owns the workspace, credentials, and scheduler. Use the dedicated support guide when a queue incident needs a calmer, more procedural response.

Open Operator Support

Expert-Only Operation

This workspace is meant for a small operator team that values deliberate routing, recoverable scheduling, and quiet confidence over automation theater.

Self-hosted Credential aware Queue protected