Dual-Endpoint AI and Security Scanner Design
March 12 was about making advanced capabilities easier to operate without making them loose.
The Ollama tunnel work documented a dual-endpoint architecture: one path for browser-facing product behavior and one path for operator verification. Keeping those concerns separate makes local AI easier to debug and less likely to become an accidental public surface.
The Security Scanner work moved in the same direction. AI triage is useful only when it is wrapped in reviewable controls, caching, and clear remediation boundaries. The scanner design treats AI as an assistant in a security workflow, not as an unchecked mutation engine.
What Changed
- Dual-endpoint Cloudflare Tunnel architecture was documented for local AI access.
- Verification notes were added for endpoint health and deployment behavior.
- Security Scanner design advanced around AI triage, KV caching, and staged remediation.
- Demo sidebar and documentation fixes reduced product confusion around these surfaces.
Why It Matters
Security tooling has to feel calm. The user should see clear status, useful recommendations, and explicit action boundaries. This work pushed ArgoBox toward that standard.
Source Sessions
Vaults/argobox/ops/sessions/2026-03-12/