Mobile companion app decision
What you'll find here
The MobileCompanionSurface contract — required controls, decision
rules, blocked behaviors, and the current shipped posture.
Not a credential cache.
A mobile companion may expose review notifications and explicit operator-triggered actions — it must not become a credential cache or uncontrolled remote automation channel.
What it records
Surface id
Support level
supported · experimental · deferred.
Operator consent requirement
Policy context preservation
Evidence link preservation
Receipt requirement
Credential storage posture
Encrypted device storage posture
Push notification controls
Remote action controls
Offline action controls
Documentation reference
Decision rules
Allowed (supported)
- Explicit operator consent
- Encrypted device storage
- Push notification controls
- Remote action controls
- Offline action controls
- Policy context
- Evidence links
- Receipts
Blocked
- Stores credentials
- Skips operator consent
- Unencrypted device storage
- Omits push notification controls
- Uncontrolled remote or offline actions
- Loses policy or evidence links
- Skips receipts
Experimental surfaces require explicit review. Deferred surfaces are not available as product surfaces.
Current posture
Governed extension point.
Reviewable notifications and explicit operator-triggered actions can be supported. Always-on automation, credential storage, uncontrolled remote actions, and offline action queues without receipts are deferred.