Skip to content

Security

Backend-authoritative trust.

Real money flows through the server. The launcher renders the result, never decides it. Secrets stay on your machine. Builds are signed.

Authority by domain

Who owns the truth for each domain in the launcher.

DomainClientRealtimeServer
Identityobservedevent sourceauthoritative
Ownershipobservedevent sourceauthoritative
Library stateauthoritative
Paymentobservedauthoritative
Refundobservedevent sourceauthoritative
AI conversationsauthoritative (BYOK)— (unless opt-in)
Tokensencrypted storageissuer

Principles

  1. 01

    Backend is authoritative

    Real money flows through the server. The launcher renders the result, never decides it.

  2. 02

    Client state is observed

    Install / launch / path / runtime state is local; entitlement state is server.

  3. 03

    Secrets stay on your machine

    Tokens in flutter_secure_storage (DPAPI on Windows). AI keys never leave the client.

  4. 04

    BYOK for AI

    Your provider, your bill, your data. Eternia doesn't sit between you and the model.

  5. 05

    Signed installers

    Builds are signed by Arcadia Labs. SHA256 checksums published on /download.

Programs that depend on this

LibraryLive

Every game you own, in one place

MarketplaceIn flight

Backend-authoritative storefront

EducationIn flight

Courses as real products

AccountLive

Identity, on your terms

IntelligenceIn flight

AI surfaces with bring-your-own-key