KNOX API Handler

Architecture first. Secrets never shown.

KNOX is the control layer between owners, operators, provider accounts, API keys, endpoint IDs, apps, and audit records. Network hardware is only one possible endpoint under the handler.

Core architecture

The handler sits between people and keys.

Owners and authorised operators do not manually scatter API keys through notes, screenshots, emails, dashboards, and apps. KNOX maps authority, stores custody records, exposes redacted status, and routes provider actions through controlled adapters.

1. Identity Gate

Owner, operator, entity, device, and session are verified before any account or endpoint is linked. Admin access later requires passkey or Apple sign-in plus 2FA.

2. KNOX Handler

Secrets are held in Keychain or a proper vault, converted into redacted endpoint records, and linked to apps, entities, spend channels, owners, and audit events.

3. Provider Adapters

OpenAI, Twilio, ElevenLabs, Stripe, UniFi, Cloudflare, and future providers each get explicit adapter rules for read, write, revoke, rotate, and verify.

Runtime flow

From raw key to controlled endpoint.

The product is the operating path: ingest, verify, map, use, rotate, and audit. Destructive automation stays disabled until provider adapters prove they can revoke and replace safely.

Ingest and verify

Provider keys are entered once through a controlled path, checked against the provider, and reduced to endpoint identity, status, scope, owner, and source.

Use without display

Apps request capability through KNOX. Humans see state, cost, system, and alarms; they do not see raw keys unless a break-glass owner process exists.

Fresh rotation

Fresh prepares revoke, regenerate, redistribute, verify, and rollback plans. One-click rotation only ships after provider adapters and dry-runs are tested.
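
The runtime flow above as a small model, added here as an illustration and not taken from the KNOX code base. Every name in it (Handler, EndpointRecord, tested_adapters, sample_verifier) is hypothetical, the in-memory dict stands in for Keychain or a vault, and executing a rotation is modelled only as an audit event.

```python
import secrets
from dataclasses import dataclass, asdict
PLAN_STEPS = ("revoke", "regenerate", "redistribute", "verify", "rollback")

@dataclass(frozen=True)
class EndpointRecord:
    endpoint_id: str  # random handle, deliberately not derived from the key
    provider: str
    status: str
    scope: str
    owner: str
    source: str

class Handler:
    def __init__(self, verifiers):
        self._verifiers = verifiers   # provider -> callable(raw_key) -> scope or None
        self._vault = {}              # assumption: stand-in for Keychain or a vault
        self.records, self.audit = {}, []
        self.tested_adapters = set()  # providers whose rotation dry-run has passed

    def ingest(self, provider, raw_key, owner, source):
        scope = self._verifiers[provider](raw_key)  # checked against the provider
        if scope is None:
            self.audit.append(("ingest_rejected", provider, owner))
            raise ValueError("provider did not accept the key")
        eid = f"{provider}-{secrets.token_hex(6)}"
        self._vault[eid] = raw_key
        rec = EndpointRecord(eid, provider, "active", scope, owner, source)
        self.records[eid] = rec
        self.audit.append(("ingested", eid, owner))
        return rec

    def status(self, eid):
        return asdict(self.records[eid])  # redacted view, holds no key material

    def use(self, eid, app, action):
        # The handler runs action(raw_key) for the app; only the result leaves.
        self.audit.append(("used", eid, app))
        return action(self._vault[eid])

    def rotate(self, eid, execute=False):
        rec = self.records[eid]
        if execute and rec.provider not in self.tested_adapters:
            self.audit.append(("rotation_blocked", eid, rec.owner))
            raise PermissionError("adapter dry-run has not passed")
        event = "rotation_executed" if execute else "rotation_planned"
        self.audit.append((event, eid, rec.owner))
        return PLAN_STEPS

def sample_verifier(raw_key):  # constructed stand-in for a real provider check
    return "read" if raw_key.startswith("sk-test-") else None
```
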

Store Gate

Not submitted. Not ready for Apple yet.

The acceptance-critical path is Apple Developer organization setup, privacy policy, support URL, reviewer demo mode, production HTTPS/demo API facade, and a properly signed archive. This public page is only an architecture placeholder.

No tracking and no backend run on this static page. KNOX API is currently a private/local pilot and must not expose raw keys or private local endpoints publicly. Fresh rotation and provider automation are only claimed after adapters are implemented and tested.