Security

Default-secure endpoint connectivity

Beagle OS avoids public endpoint ports and prefers scoped credentials, WireGuard paths, explicit enrollment, and reproducible artifacts.

WireGuard-first

Thin-client connectivity is designed to run through controlled VPN paths instead of exposing services on endpoints.

Scoped trust

Endpoint profiles, tunnel keys, and runtime credentials are generated for the assigned VM and should not be shared across fleets.
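One way to audit this rule across a fleet, as an added example that is not Beagle OS code. It assumes endpoint tunnel profiles are stored in standard wg-quick format (the page does not describe the profile format); the endpoint names and key strings are constructed placeholders.

```python
import hashlib
from collections import defaultdict

# Constructed sample profiles; the key strings are placeholders, not real keys.
PROFILES = {
    "fleet-a/vm-101": """[Interface]
PrivateKey = CONSTRUCTED-PRIVATE-KEY-AAAA
[Peer]
PublicKey = CONSTRUCTED-GATEWAY-PUBKEY
PresharedKey = CONSTRUCTED-PSK-1111
""",
    "fleet-a/vm-102": """[Interface]
PrivateKey = CONSTRUCTED-PRIVATE-KEY-BBBB
[Peer]
PublicKey = CONSTRUCTED-GATEWAY-PUBKEY
PresharedKey = CONSTRUCTED-PSK-2222
""",
    # Cloned from vm-101 without regenerating the tunnel key.
    "fleet-b/vm-201": """[Interface]
PrivateKey = CONSTRUCTED-PRIVATE-KEY-AAAA
[Peer]
PublicKey = CONSTRUCTED-GATEWAY-PUBKEY
PresharedKey = CONSTRUCTED-PSK-3333
""",
}
SECRET_FIELDS = {"privatekey", "presharedkey"}  # the gateway PublicKey is not secret


def secrets_in(profile_text):
    """Yield (field, value) for every secret line in one wg-quick profile."""
    for raw in profile_text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        if "=" not in line:                       # section headers, blank lines
            continue
        key, value = (p.strip() for p in line.split("=", 1))  # base64 may end in '='
        if key.lower() in SECRET_FIELDS and value:
            yield key.lower(), value


def find_shared_secrets(profiles):
    """Map (field, fingerprint) to the endpoints that share that secret."""
    owners = defaultdict(set)
    for endpoint, text in profiles.items():
        for field, value in secrets_in(text):
            # Report a truncated SHA-256 so the audit output never contains the key.
            owners[(field, hashlib.sha256(value.encode()).hexdigest()[:12])].add(endpoint)
    return {k: sorted(v) for k, v in owners.items() if len(v) > 1}


if __name__ == "__main__":
    for (field, fp), endpoints in find_shared_secrets(PROFILES).items():
        print(f"shared {field} (sha256:{fp}) on {', '.join(endpoints)}")
```

Any finding means a tunnel key or preshared key was copied between endpoints and should be regenerated for each assigned VM.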

No website tracking

The public website avoids analytics, ads, profiling, newsletters, and public account flows.

Responsible disclosure

For security issues, contact contact@beagle-os.com. Include enough technical detail to reproduce the issue safely, but do not send production secrets.