Agent-first hosting: create apps, commit code, deploy, get HTTPS URLs. OAuth sign-in, no tokens.
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.