Security

User code runs inside Docker containers—not on the host Node process. Synaro aims to combine OS-level isolation with quotas and network restrictions.

• Per-project environments with start/stop controls
• Session-based auth; API routes check project membership
• Invite tokens with expiry and revocation
• Preview iframes sandboxed (allow-scripts, same-origin where needed)
• Planned: stricter network egress and idle teardown policies