Security model
This page describes the security and operational safeguards implied by the current product specification. It does not claim third-party audits, certifications, or controls that are not documented in the repository.
TVs pair through QR or manual codes, reconnect as authenticated devices, and should keep a single active WebSocket connection per device. Short-lived access tokens and renewable sessions are part of the intended control model.
State sync, heartbeats, commands, template updates, and instant events are all defined around a structured WebSocket protocol with explicit message categories and acknowledgements.
The product definition requires explicit permissions for template publishing, playlist activation, branch and organization event dispatch, TV moves, resets, cache inspection, mini-shell usage, and reload actions.
Safe playlist switching, cache continuity, background update activation, rollback behavior, and fallback visual states are treated as reliability and safety requirements, not optional polish.
Responsible wording